Security teams are constantly striving to reduce organizational risk, yet vulnerabilities – and failure to remediate them – cause 60% of the cyber-attacks that organizations face today.

Reversing this trend requires a holistic approach that targets both leading indicators and the “leading indicators of leading indicators.” Three new tools have emerged that can have a significant impact when used in parallel: Vulnerability Disclosure Programs, Bug Bounty Programs, and Cyber Ratings that enable the continuous monitoring of any entity’s external environment. Previously available to only the largest software companies, or not available at all, today organizations of all shapes and sizes, spanning all industries, are using them with compelling results.

In this educational online workshop you will learn:

  1. What are vulnerability disclosure programs and bug bounties?
  2. What organizations use them and what compliance frameworks require them
  3. Best practices for rolling out bounty and disclosure programs
  4. Signals included in these programs that can help assess risk
  5. What are cyber ratings?
  6. How cyber ratings work and the use-cases they can support
  7. How these tools and programs, collectively, can help with third-party risk and cyber insurance

In addition, participants will get a glimpse of what we believe to be the first security scorecard to include signals from running disclosure and bounty programs.


Mike Wilkes CISO, SecurityScorecard
Alex Rice CTO & Co-founder, HackerOne

Register Now

Share Event:

If you have any questions, please email