Menu
New guide aims to remove the drama of reporting software flaws

New guide aims to remove the drama of reporting software flaws

Bugcrowd worked with a legal firm, CipherLaw, to develop the framework

Handling a software flaw can be messy, both for a security researcher who found it and for the company it affects. But a new set of guidelines aims to make that interaction less mysterious and confrontational.

Large companies such as Facebook, Google and Yahoo have well defined "responsible disclosure" policies that lay out what is expected of researchers if they find a vulnerability and often the terms under which a reward will be paid.

But many companies don't, which can lead to problems and confusion. Security researchers have occasionally been referred to law enforcement even when they have been up front about the issue with a company.

The guidelines were developed by Bugcrowd, which has a platform companies can use to have their applications analyzed by independent researchers in a safe way and in some cases, reward them. Bugcrowd worked on the framework with CipherLaw, a legal firm specializing in technology.

They've released a short and lucid document on Github describing how companies should approach setting up a responsible disclosure program as well a boilerplate disclosure policy that can be included on a company's website.

The framework "is designed to quickly and smoothly prepare your organization to work with the independent security researcher community while reducing the legal risks to researchers and companies," according to an introduction on Github.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags CipherLawsecurityBugcrowd

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments