ITSPmagazine Podcast

Starting or Running a Vulnerability Disclosure Program? Here’s What To Do Next | Redefining Responsible Disclosure With Chloé Messdaghi And John Jackson

Episode Summary

If a tree falls in a forest and no one is around to hear it, does it make a sound? Yes and no, it depends on who you ask. In our case, the answer is a solid FOR SURE. Especially once we consider the squirrels that live in the said forest — the criminal and the ethical ones. Listen up.

Episode Notes


In the cybersecurity community it is common to hear: whether you are aware of it or not, you are already running a vulnerability disclosure program. But who is running it? Is it the cybercriminals exploiting the weaknesses in your systems, or a team you have authorized to research and find those vulnerabilities before the bad guys/gals/bots get to them?

Ignoring the problem, or keeping it hidden from the public, will not contain it. Any business that operates in and relies on cyberspace knows that its systems and data are always at risk — and prevention, paired with resiliency, may really be the only cure.

So yes, those falling trees make loud sounds — and either you or someone else will be there to hear them.

Someone will.

Once you realize the value of running a vulnerability disclosure program or are already running one, there are things discussed in this podcast that will help you get started or improve it.

You will find advice and tips that will work for your organization's unique risk appetite, security posture/maturity, and the current state, or non-existence, of a vulnerability disclosure program.

Our guests, Chloé Messdaghi and John Jackson, take us through some best practices: setting up a program so that it succeeds for all interested parties, defining the program's scope to set operating boundaries, and tuning the program as your organization changes internally, in the market, and within the ever-growing threat landscape.

Listen up and pay attention to the noise of those falling trees and what good cyber squirrels can do for your business.

Guests
Chloé Messdaghi, InfoSec Advocate & Activist (@ChloeMessdaghi on Twitter)

John Jackson, AppSec Engineer @Shutterstock | Author of Corporate Cybersecurity (@johnjhacking on Twitter)

This Episode’s Sponsors

Imperva: https://itspm.ag/imperva277117988

Archer: https://itspm.ag/rsaarchweb

Resources
Disclose.io

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-security

Are you interested in sponsoring an ITSPmagazine Channel?
https://www.itspmagazine.com/podcast-series-sponsorships