Design a Coordinated Vulnerability Disclosure Program
  • Businesses prioritize speed to market over secure coding and testing practices in the development lifecycle. As a result, vulnerabilities exist naturally in software.
  • To improve overall system security, organizations are leveraging external security researchers to identify and remedy vulnerabilities, so as to mitigate the overall security risk.
  • A primary challenge to developing a coordinated vulnerability disclosure (CVD) program is designing repeatable procedures and scoping the program to the organization’s technical capacity.

Our Advice

Critical Insight

  • Having a coordinated vulnerability disclosure program is likely to be tomorrow’s law. With pressure from federal government agencies and recommendations from best-practice frameworks, it is likely that a CVD program will be mandated in the future to ensure organizations are equipped and prepared to respond to externally disclosed vulnerabilities.
  • CVD programs such as bug bounty and vulnerability disclosure programs (VDPs) may reward differently, but they have the same underlying goals. As a result, you don't need dramatically different process documentation.

Impact and Result

  • Design a coordinated vulnerability disclosure program that reflects business, customer, and regulatory obligations.
  • Develop a program that aligns your resources with the scale of the coordinated vulnerability disclosure program.
  • Follow Info-Tech’s vulnerability disclosure methodology by leveraging our policy, procedure, and workflow templates to get you started.

Design a Coordinated Vulnerability Disclosure Program Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should design a coordinated vulnerability disclosure program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Assess goals

Define the business, customer, and compliance alignment for the coordinated vulnerability disclosure program.

  • Design a Coordinated Vulnerability Disclosure Program – Phase 1: Assess Goals
  • Information Security Requirements Gathering Tool

2. Formalize the program

Equip your organization for coordinated vulnerability disclosure with formal documentation of policies and processes.

  • Design a Coordinated Vulnerability Disclosure Program – Phase 2: Formalize the Program
  • Coordinated Vulnerability Disclosure Policy
  • Coordinated Vulnerability Disclosure Plan
  • Coordinated Vulnerability Disclosure Workflow (Visio)
  • Coordinated Vulnerability Disclosure Workflow (PDF)

Buying Options

Design a Coordinated Vulnerability Disclosure Program

€81.50 (excl. 21% tax)

Client rating: 10.0/10 Overall Impact
Cost Savings: $10,000 Average $ Saved
Days Saved: 20 Average Days Saved

Tymans Group is a brand by Gert Taeymans BV
Europe: Koning Albertstraat 136, 2070 Burcht, Belgium — VAT No: BE0685.974.694 — phone: +32 (0) 468.142.754
USA: 4023 KENNETT PIKE, SUITE 751, GREENVILLE, DE 19807 — Phone: 1-917-473-8669

Copyright 2017-2022 Gert Taeymans BV