A vulnerability disclosure program is a process that allows security researchers to report security flaws directly to your organization. All too often, security professionals find problems with a site they frequent online, or one they came across incidentally during other work, and they are left with no way to report these problems. Even worse, sometimes these professionals are met with negative responses and accusations when they are simply trying to be helpful.
A vulnerability disclosure program lets your organization receive this kind of information from the public in an orderly way and respond to it.
There are a lot of ways to implement a vulnerability disclosure program. You can accept requests via email, webform, and various other means. Coalition recommends our insureds use HackerOne as a free method to manage their vulnerability disclosure program. HackerOne offers the ability to set up "bug bounties" to encourage and recruit security professionals for your program, and it manages the communications between your team and the security professional.
Coalition policyholders can access the Coalition HackerOne App directly from their policyholder dashboard. As always, Coalition is here to help you on your way. Please reach out to us for additional information!