Cyber Security Asia 2021

Why You Need a Disclosure Program & How to Run One

A disclosure programme allows an organization to be more transparent and can help uncover security issues.

by Shah Farouq

Security researchers are also users of applications, and sometimes, as they browse through applications (apps), they find vulnerabilities or other security issues.

The question is who the researcher could contact, or where the researcher could make a report. Abhinav Mishra, CEO of ECIPHERS, said that this is why it is important for a company to have a Responsible Disclosure Program.

“A Responsible Disclosure Program is basically an authorization which allows the public to approach the company to report a vulnerability or any other issues they have found in the application.

“It is also important for the company to mention how to disclose, who to disclose to and where they can go to disclose it, so it would be easier for the user to report the issue,” he said.

He also said that if a company starts this programme, it should make a very detailed policy so that the rules of engagement would be right.

The benefits for an organization are that the programme allows it to be more transparent and could help uncover security issues.

“Using the disclosure programme will also help in improving the security baseline of your applications to avoid them being targeted by bad actors,” he said.
