Cyber Talk: How to implement a Coordinated Vulnerability Disclosure Policy/Bug Bounty Programme for your organization? – 26 November 2020
26 November 2020 – Cyber Security Coalition
With a little help from 20,000 friends
Are you afraid of starting a vulnerability disclosure policy or bug bounty programme? You shouldn’t be! Quite the contrary, as Valéry Vander Geeten of the CCB and Stijn Jans of Intigriti made perfectly clear in their cybertalk. A ‘coordinated vulnerability disclosure policy’ (CVDP), supported by a bug bounty programme, is a perfect, even necessary complement to classic security measures such as pentesting. The advantages are many: these initiatives provide a continuous testing effort by as many ‘researchers’ as you want (from a select group to a worldwide community) in a controlled way (you determine the scope). Furthermore, rather than paying for ‘time spent on the job’, you only offer rewards for actual, impactful vulnerabilities. As this will be new for many organizations, the CCB authored a guide about establishing a CVDP, and published such a policy of its own on its site.
Calling upon a partner such as Intigriti to set up a ‘bug bounty’ programme can be a big help, as they provide you with a community of vetted researchers and take care of a structured handling process (including advice, a communication channel, validating claims, etc.). That leaves you as an organization free to focus on your internal process of mitigating those vulnerabilities.
Put bluntly, a CVDP and bug bounty programmes will not replace classic security measures, but they should be regarded as absolutely necessary complements. Do consult this cybertalk to learn about the benefits and why these initiatives really are a must.
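The talk mentions that the CCB publishes its own CVDP on its site. The usual machine-readable way to do that is a security.txt file (RFC 9116) served under /.well-known/, which tells researchers where to report and links to the policy. As an added illustration, and not code from the CCB, Intigriti or the Coalition, the Python script below checks such a file for the points RFC 9116 requires or recommends: a Contact and a single Expires field, URI schemes on contacts, https for web links, and an expiry date that is neither past nor more than a year ahead. Both sample files and the fictional example.org organisation are constructed.

```python
"""Check a security.txt file (RFC 9116) used to publish a CVDP contact point.
Added illustration; the sample files below are constructed, not any real
organisation's security.txt."""
from datetime import datetime, timedelta, timezone

# Field names defined by RFC 9116; Contact and Expires are mandatory.
KNOWN_FIELDS = {"Acknowledgments", "Canonical", "Contact", "Encryption",
                "Expires", "Hiring", "Policy", "Preferred-Languages"}

# Fixed reference time so the checks below are reproducible.
FIXED_NOW = datetime(2021, 1, 1, tzinfo=timezone.utc)

# Constructed sample that follows the RFC: served at
# https://example.org/.well-known/security.txt
GOOD_SECURITY_TXT = """\
# Constructed example for a fictional organisation
Contact: mailto:security@example.org
Contact: https://example.org/report-a-vulnerability
Expires: 2021-06-30T23:59:59Z
Policy: https://example.org/cvdp
Preferred-Languages: en, nl, fr
Canonical: https://example.org/.well-known/security.txt
"""

# Constructed sample with typical mistakes: bare e-mail address, http link,
# no Expires field.
BAD_SECURITY_TXT = """\
Contact: security@example.org
Policy: http://example.org/cvdp
"""


def parse_security_txt(text):
    """Map each field name to the list of its values; skip comments and blanks."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        name, value = line.split(":", 1)
        fields.setdefault(name.strip(), []).append(value.strip())
    return fields


def check_security_txt(text, now=None):
    """Return a list of problems; an empty list means the file is acceptable."""
    now = now or datetime.now(timezone.utc)
    problems = []
    fields = parse_security_txt(text)

    for name in fields:
        if name not in KNOWN_FIELDS:
            problems.append(f"unknown field {name!r}")

    contacts = fields.get("Contact", [])
    if not contacts:
        problems.append("missing mandatory Contact field")
    for contact in contacts:
        # RFC 9116 contacts are URIs, e.g. mailto:, https:// or tel:
        if not contact.startswith(("mailto:", "https://", "tel:")):
            problems.append(f"Contact value needs a URI scheme: {contact!r}")

    expires = fields.get("Expires", [])
    if len(expires) != 1:
        problems.append("Expires must appear exactly once")
    else:
        try:
            # ISO 8601; older Pythons do not accept a trailing 'Z'
            exp = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
        except ValueError:
            problems.append(f"Expires is not ISO 8601: {expires[0]!r}")
        else:
            if exp.tzinfo is None:
                problems.append("Expires lacks a timezone offset")
            elif exp <= now:
                problems.append("security.txt has expired; researchers may distrust it")
            elif exp - now > timedelta(days=365):
                problems.append("Expires is more than a year ahead (RFC recommends less)")

    # Web URIs in security.txt must use https
    for name in ("Policy", "Canonical", "Acknowledgments", "Hiring", "Encryption"):
        for value in fields.get(name, []):
            if value.startswith("http://"):
                problems.append(f"{name} must use https: {value!r}")
    return problems


if __name__ == "__main__":
    for label, sample in (("good", GOOD_SECURITY_TXT), ("bad", BAD_SECURITY_TXT)):
        print(label, check_security_txt(sample, FIXED_NOW) or "OK")
```

Run against your own /.well-known/security.txt before announcing the CVDP; an expired or malformed file is a common reason researchers cannot find the intended reporting channel.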