Bug bounty platform urges need for firms to have vulnerability disclosure policy


Organisations should provide a proper channel through which anyone can report vulnerabilities in their systems. This will ensure potential security holes can be identified and plugged before they are exploited.

Establishing a vulnerability disclosure policy (VDP) would also assure anyone acting in good faith, such as security researchers, that they would not face prosecution for reporting a vulnerability, said Kevin Gallerin, Asia-Pacific managing director of bug bounty platform YesWeHack.

Source: ZDNet