Vulnerability Disclosure: Ethical Hackers Seek Best Practices
2020-09-04 16:55

The process of vulnerability disclosure has improved over the years, but still too many security researchers face threats when trying to report bugs.

Disclosure policies that give ethical hackers clear guidelines are vast and varied and are seldom universally followed, which adds to the friction between researchers and vendors.

Yeah, I'm sure over the years you saw, there have obviously been a couple of incidents where vulnerability disclosure goes wrong when it comes to researchers who are reporting vulnerabilities to companies and then get threatened to get sued or other things might happen.

So all of these people that you wouldn't normally associate with bug bounty programs have some form of formally doing the vulnerability disclosure process and financially compensating the researchers or at least recognizing them in some way.

We see a lot of researchers out there who will work with us on disclosure to multiple vendors in different industries and we kind of are able to act as a middleman, making sure that their research actually gets to the vendor, actually gets addressed.


News URL

https://threatpost.com/vulnerability-disclosure-ethical-hackers-seek-best-practices/158955/