
Cyber Talk: How to implement a Coordinated Vulnerability Disclosure Policy/Bug Bounty Programme for your organization? – 26 November 2020


Are you afraid of starting a vulnerability disclosure policy or bug bounty programme? You shouldn’t be! Quite the contrary, as Valéry Vander Geeten of the CCB and Stijn Jans of Intigriti made perfectly clear in their cybertalk.

With a little help of 20.000 friends

A ‘coordinated vulnerability disclosure policy’ (CVDP), supported by a bug bounty programme, is a perfect, even necessary, complement to classic security measures such as pentesting. The advantages are many: these initiatives provide a continuous testing effort by as many ‘researchers’ as you want (from a select group to a worldwide community), in a controlled way (you determine the scope). Furthermore, rather than paying for ‘time spent on the job’, you only offer rewards for actual, impactful vulnerabilities. As this will be new for many organizations, the CCB authored a guide about establishing a CVDP, while publishing such a policy of their own on their site.

Calling upon a partner such as Intigriti to set up a ‘bug bounty’ programme can be a big help, as they provide you with a community of vetted researchers and take care of a structured handling process (including advice, a communication channel, validation of claims, etc.). That leaves you, as an organization, free to focus on your internal process of mitigating those vulnerabilities.

Put bluntly, a CVDP and bug bounty programme will not replace classic security measures, but they should be regarded as absolutely necessary complements. Do consult this cybertalk to learn about the benefits and why these initiatives really are a must.

About the author
Guy Kindermans

Information technology journalist
Guy Kindermans is a freelance journalist specialized in information technology, privacy and business continuity. From 1985 to 2014 he was senior staff writer at Data News (Roularta Media Group).