What is Responsible Disclosure?


Responsible Disclosure Limits Risk

When a vulnerability is discovered, researchers are quick to look for a way to disclose it to your security team. But if no obvious reporting channel is available, researchers are left with a choice between doing nothing and disclosing the vulnerability publicly, and both outcomes are extremely undesirable.

Responsible Disclosure and the Vulnerability Lifecycle

Responsible disclosure makes vulnerability reporting easy and safe

A responsible disclosure policy gives researchers a clear and easy path to alert your security team to a potential vulnerability. It defines which properties are in or out of scope, which types of vulnerabilities should and shouldn’t be reported, and how a report should be submitted.

Responsible disclosure is recommended and deployed by government agencies globally

Because responsible disclosure policies are an easy way to discover unknown vulnerabilities, every organization should have one. That’s why they’re recommended by the U.S. Department of Justice, promoted by General Motors, and endorsed by everyone from the European Commission to the U.S. Food & Drug Administration; the Department of Defense hosts its program on HackerOne. And it’s why you need to have a responsible disclosure policy in place now. What’s your plan for responsible disclosure?
