Vulnerability Disclosure Policy Basics for The Financial Services Industry: 5 Critical Components Every Policy Needs

"We need to move to a world where…all companies providing internet services and devices adhere to a vulnerability disclosure policy." - Julian King, Security Union Commissioner, European Commission 

In 2019, all financial services firms, regardless of location or size, need to draft and publish a clear vulnerability disclosure policy (VDP), also called a responsible disclosure policy. A published VDP lets a firm partner effectively with the creative and intelligent security community and reduce the risk of a security incident by finding and fixing critical security vulnerabilities before they fall into the wrong hands.

Regardless of where and how you publish your VDP - on HackerOne or as a standalone policy on your organization’s website - the time is now to join leaders in the financial services sector, such as Goldman Sachs and American Express, and prioritize a vulnerability disclosure policy for your organization in 2019.

These are just a few of the organizations providing guidance on VDPs: the Department of Justice, the United States Department of Defense, Food and Drug Administration, National Highway Traffic Safety Administration, National Telecommunications and Information Administration, National Institute of Standards and Technology, and Federal Trade Commission.

The International Organization for Standardization, in ISO/IEC 29147:2014, has also provided guidelines for the disclosure of potential vulnerabilities in products and online services.

Read the e-book to get all the details you need to implement a complete and compliant policy.