The number of devices connected to the internet is growing daily. On top of that, the speed at which software and updates are released is increasing, which creates a great battlefield for criminal hackers to attack.
Small businesses and big enterprises are heavily influenced by changes in cyber security: any company with an online presence is under intense pressure and bears the responsibility to keep these aspects safe. That’s why being aware of the importance of your system security is crucial. A Coordinated Vulnerability Disclosure policy can be just the right asset for you to do that, as it is rather easy to implement, and we support you throughout the process.
A worldwide network of reporters working with you to diagnose your systems and eliminate bugs.
Disclosure is a low-cost method and a reliable replacement for more costly system-check methods.
Being open to receive vulnerability reports shows your clients their information is safe with you.
Coordinated Vulnerability Disclosure is a form of disclosure: the transfer of information from an external source to a company or organisation, in this case regarding the security of IT systems. There are four ways a researcher or criminal can handle information about a vulnerability:
The researcher or criminal keeps the information to themselves, often because they either fear legal repercussions when sending it in or want to use the vulnerability as leverage.
The researcher or criminal shares only a limited amount of information with a limited number of parties. This puts pressure on companies to quickly fix the vulnerability to prevent exploitation.
The researcher or criminal releases the vulnerability publicly. This puts companies at risk if they cannot resolve the issue fast enough.
The researcher directly contacts the company with a report that isn’t shared publicly until the vulnerability is fixed.
With Coordinated Vulnerability Disclosure, the vulnerability is only disclosed when it is fixed or after a certain period of time. Organisations can then fix the vulnerability or assess associated business risks that may come from it, allowing organisations to go one step beyond.
Nowadays, software is released almost continuously. This is great for business and boosts company responsiveness, but it can leave the software not thoroughly tested. Coordinated Vulnerability Disclosure offers a solution by providing constant and dynamic feedback on the security of your systems, regardless of how fast your releases are.
A Coordinated Vulnerability Disclosure Policy provides the best protection for companies against exploitation or data leakages while also protecting researchers with helpful intentions against legal repercussions.
A Coordinated Vulnerability Disclosure program sets up guidelines for researchers on which vulnerabilities to report and how you’ll handle them. This program gives the researcher guidelines and a framework within which they can start their investigation. It also creates transparency about how the vulnerabilities are disclosed: the researcher directly contacts the company with a report that isn’t shared publicly until the vulnerability is fixed. By starting a Coordinated Vulnerability Disclosure program, you make clear what type of vulnerabilities you’re looking for and what you promise to do with a report.
Handling many reports - about many vulnerabilities - can become overwhelming. A dedicated platform allows researchers to report vulnerabilities without you needing to set up additional security infrastructure.
Zerocopter is the leading enterprise application security platform, empowered by the world’s best ethical hackers. We’ll provide you with a dedicated platform and a Triage Team of security experts. Reports via the Coordinated Vulnerability Disclosure Policy workflow are reviewed by our Triage Team. This means you are only confronted with valid reports about real vulnerabilities. You can choose to pay rewards to individuals who report a valid vulnerability via the Coordinated Vulnerability Disclosure Policy.