One main objective of the European Cyber Security Act is to inform business and consumers about the security of ICT products, processes and services, through certification schemes. This webinar provides solid information about the present status of the Act's implementation.
Cyber Talk: How to implement a Coordinated Vulnerability Disclosure Policy/Bug Bounty Programme for your organization? – 26 November 2020
26 November 2020 – Cyber Security Coalition
With a little help from 20,000 friends
Are you afraid of starting a vulnerability disclosure policy or bug bounty programme? You shouldn’t be! Quite the contrary, as Valéry Vander Geeten of the CCB and Stijn Jans of Intigriti made perfectly clear in their cybertalk. A ‘coordinated vulnerability disclosure policy’ (CVDP), supported by a bug bounty programme, provides a perfect, even necessary complement to classic security measures (such as pentesting). The advantages are many, as these initiatives provide a continuous testing effort by as many ‘researchers’ as you want (from a select group to a worldwide community) in a controlled way (you determine the scope). Furthermore, rather than paying for ‘time spent on the job’, you only offer rewards for actual, impactful vulnerabilities. As this will be new for many organizations, the CCB authored a guide on establishing a CVDP, and published such a policy of its own on its site.
Calling upon a partner such as Intigriti to set up a ‘bug bounty’ programme can be a big help, as they provide you with a community of vetted researchers and take care of a structured handling process (including advice, a communication channel, validation of claims, etc.). That leaves you, as an organization, free to focus on your internal process of mitigating those vulnerabilities.
To be blunt: a CVDP and bug bounty programmes will not replace classic security measures, but they may be regarded as absolutely necessary complements. Do consult this cybertalk to learn about the benefits and why these initiatives really are a must.
Other blog posts
This session of the Privacy Focus Group provides a valuable and practical primer for acquiring more insight into the issue of international data transfers after Schrems II and Brexit.
The webinar teaches you that information security must be handled in a structured way. Three Coalition members explain how frameworks such as CISM, NIST and ISO 27001 certification can support you in your role as CISO.
Audits strengthen business operations, yet many organizations are fearful of the process rather than seeing the benefits of audits. In this webinar, you get better insight into the auditing process and how you can use audits to strengthen and mature your overall risk programme.
This webinar focuses on the context of information security through governance, more particularly on the key role of the CISO and the value of COBIT as a digital governance framework for information security activities supported by the presentation of a best practice.