Don.D

Every Business Needs a Vulnerability Disclosure Policy. Every. Single. Business.


One of our regular columnists, Adrian Sanabria of Savage Security, tackles a topic that should be familiar to all organizations of any size but, unfortunately, many don't even know where to start in "Every Business Needs a Vulnerability Disclosure Policy. Every. Single. Business."

He offers examples of failures like Panera Bread and gives ways to create a Vulnerability Disclosure Policy (VDP) but, more importantly, a Vulnerability Handling Policy (VHP) for what to do (not if, but) when issues are reported.

Quote

Every Business Needs a Vulnerability Disclosure Policy. Every. Single. Business.

An anonymous report claims that a ton of your company’s customer data has been exposed. A sense of calm is in the air as you enact your vulnerability disclosure policy. You save the day, get a promotion and rainbows and unicorns fill the sky. Then you wake up!! You don’t have a vulnerability disclosure policy. Panic quickly washes away the sounds of harps.

You’ve got to verify this incident quickly, you’ve got to handle it (mitigation and disclosure) well and you need to carefully manage the narrative in case the story goes public. This isn’t one of those ‘2 out of 3 ain’t bad’ scenarios — you need to do all three. More than anything though, this information needs to get to the right people quickly to avoid making the problem worse. Who are the right people!?!?

Have you faced situations like this? Does your organization have a vuln disclosure policy? Did you help them create it?

Share your experiences in the Comments Section of this article on EH-Net.

Don
