Security researchers are also users of applications, and while browsing through an application (app) they sometimes find vulnerabilities or other security issues.
The question is whom the researcher could contact, or where they could make a report. Abhinav Mishra, CEO of ECIPHERS, said that this is why a Responsible Disclosure Program is important for a company to have.
“A Responsible Disclosure Program is basically an authorization which allows the public to approach the company to report a vulnerability or any other issues they have found in the application.
“It is also important for the company to mention how to disclose, whom to disclose to and where they can go to disclose it, so it would be easier for the user to report the issue,” he said.
He also said that if a company starts this programme, it should write a very detailed policy so that the rules of engagement are right.
The benefit an organization gets from this is that the programme allows it to be more transparent, and it can help uncover security issues.
“Using the disclosure programme will also help in improving the security baseline of your applications, to avoid them becoming a target for bad actors,” he said.
