Organizations get vulnerability maturity model

Discussion in 'CSO' started by RSS, Sep 22, 2015.

  1. RSS

    Despite the age of the argument, disclosure is still a hot topic. However, some organizations aren't ready to deal with researchers who disclose vulnerabilities.

    Now, HackerOne is offering organizations a chance to discover their maturity level when faced with such a situation.

    The tool is called the Vulnerability Coordination Maturity Model (VCMM).

    Created by Katie Moussouris, HackerOne Chief Policy Officer, all an organization has to do is answer a few questions, and they'll get an overview of where they stack up against their peers when it comes to the disclosure process and vulnerability mitigation.

    Considering that recent events with FireEye have brought the topic of bounty programs and the disclosure process back to center stage, organizations that don't have a process in place to deal with disclosure can use the HackerOne tool as a conversation starter within the company.
