Response

Recent Posts

Streamline Every Aspect of Your Responsible Disclosure Policy with HackerOne…

HackerOne Response is our turnkey solution offering enterprise-grade security and conformance with ISO-29147 (vulnerability disclosure) and ISO-30111 (vulnerability handling). It allows vulnerability management teams to work directly with external third parties to resolve critical security vulnerabilities before they can be exploited.

HackerOne

What is a Responsible Disclosure Policy and Why You Need One

This article will answer the simple question of what a vulnerability disclosure policy is, what’s included in a good policy, which organizations have a VDP today, and which government agencies have published guidance on VDPs.

HackerOne

AlienVault streamlines their vulnerability disclosure with HackerOne Response

HackerOne is helping AlienVault manage incoming reports, triage them, and automatically create tickets on their internal ticketing system for only the valid reports.

luke

CERT: People and Process are Essence of Coordinated Vulnerability Disclosure

We recently held an Ask Me Anything with the co-authors of The CERT Guide to Coordinated Vulnerability Disclosure (CVD). The CERT Coordination Center’s Allen D. Householder, Threat Ecosystem Analysis Team Lead, and Art Manion, Vulnerability Analysis Technical Manager, shared their thoughts on the creation of their guide as well as many of the specific points within the guide.

luke

The Voices of Vulnerability Disclosure: Look Who’s Talking About VDPs

The attention being given to vulnerability disclosure policies (VDP) in the past year has increased dramatically. It might be the latest high-profile breach that sparks a comment, but more and more, it’s the attitude that VDPs aren’t just nice-to-haves, they’re critical tools for every cyber security team.

luke

Your TL;DR Summary of The CERT Guide to Coordinated Vulnerability Disclosure

The CERT Coordination Center at Carnegie Mellon University’s Software Engineering Institute (SEI) recently released The CERT Guide to Coordinated Vulnerability Disclosure. It is an amazingly detailed, clever, and complete guide to explaining the need for coordinated vulnerability disclosure (CVD). We've done our best to give you the cliff notes and even included some additional helpful resources at the end.

luke

US Deputy Attorney General Recommends Every Company Create a Vulnerability…

Rod J. Rosenstein, Deputy Attorney General, speaking at the Global Cyber Security Summit in London, encourages all companies to consider promulgating a vulnerability disclosure policy, that is, a public invitation for white hat security researchers to report vulnerabilities.

luke

Vulnerability Disclosure Policy Basics: 5 Critical Components

Vulnerabilities are found every day by security researchers, friendly hackers, customers, academics, journalists, and tech hobbyists. Because no system is entirely free of security issues, it's important to provide an obvious way for external parties to report vulnerabilities.

luke

Webinar Recap: Attorneys Chime in on Hacker-Powered Security

To learn more about how legal teams and federal enforcers view hacker-powered security, we asked Megan Brown, partner, and Matthew Gardner, attorney, from the Privacy & Cybersecurity Practice at Wiley Rein LLP, a Washington, DC-based firm, to present at our webinar, Invitation to Hack: Vulnerability Disclosure Programs.

luke

HACK THE PENTAGON AGAIN - AND AGAIN

The Department of Defense announced plans to expand upon the successful "Hack the Pentagon" bug bounty pilot launched earlier this year with HackerOne and Synack.

HackerOne