Every Business Needs a Vulnerability Disclosure Policy. Every. Single. Business.

This topic contains 1 reply, has 2 voices, and was last updated by  Erich Kron 12 months ago.

  • #168261
     Adrian Sanabria 
    Participant

    An anonymous report claims that a ton of your company’s customer data has been exposed. A sense of calm is in the air as you enact your vulnerability
    [See the full article at: Every Business Needs a Vulnerability Disclosure Policy. Every. Single. Business.]

  • #168463
     Erich Kron 
    Participant

    Well said as always, Adrian. This part really hits home for me:

    Go — look at your company’s website. Consider its products and applications. How would the general public report an issue? How easy is it to find the right contact information when starting with zero knowledge? Who are the recipients of these emails? Would they forward a critical security report to the right person internally or would they consider it a scam and delete it?

    I’ve been in organizations where, due to the inability to find an easy way to report something, the reporting individual starts picking names they *think* are the right people and just begins to send random emails/messages to these folks throughout the organization. This generated a lot of messages that eventually made it to the correct person, but they came from a lot of different fronts. This caused confusion and additional stress, especially for those that did not understand the nature or severity of the vulnerability.

    Let’s just say that your marketing department may be easy to find, but are not typically the folks you want handling vulnerability reporting. To use a technical term, it tends to get them kerfuffled and, when dealing with internal issues, the kerfuffling of the marketing department should be avoided at all costs.


Copyright ©2019 Caendra, Inc.
