
Coordinated Vulnerability Disclosure

Enable users and researchers to report vulnerabilities through a Coordinated Vulnerability Disclosure Policy and strengthen your IT security.


Prevention is better than cure

A company effectively organizes its business activities with business processes that incorporate control and security measures. IT products and services support the business processes and employees direct the processes. With this, a company aims to prevent vulnerabilities during the operation.

When developing IT products and services, testing takes place at the end of each step. In a DevSecOps development process, special attention is paid to taking effective management and security measures “by design”. The developers test whether the measures taken function correctly. Yet vulnerabilities remain in IT products and services, as well as in their implementation in the organization, and these are found by researchers (ethical hackers).

It is essential that the company is informed about the vulnerabilities, assesses the impact on business operations and takes additional measures to remove the vulnerabilities. If this process does not go well, the researchers (such as hackers) may publish the vulnerabilities on public forums and cybercriminals can easily exploit the vulnerabilities.

Such a scenario threatens business continuity. Receiving and handling vulnerability reports can be organized with a Coordinated Vulnerability Disclosure.

Get started with your CVD

Based on this white paper, company management can vigorously and effectively organize the CVD control and security measure.

Download here (pdf)

How to organize your CVD?

  • 01. Start by following a training. The training gives you background information and a practical step-by-step plan.
  • 02. Then define the CVD policy as part of the broader security policy.
  • 03. Publish the CVD statement or CVD policy on your website.
  • 04. Appoint a CVD coordinator and internally organize the tasks, authorities and responsibilities. When allocating tasks, it may be desirable to use external capacity.
  • 05. Review the scripts, contracts and documents needed to effectively fix vulnerabilities and build lasting relationships with ethical hackers. Special attention is paid to making appropriate CVD agreements with suppliers of IT-driven products and services.
  • 06. Direct ethical hackers’ attention to testing infrastructure, applications and deployments for vulnerabilities.
  • 07. Make agreements with the CVD coordinator about periodic reporting of identified vulnerabilities and taking additional and appropriate measures.

CVD costs are included in the MYOBI user license. Of course, you or one of our suppliers can contact us for support.


An imaginative value proposition

Cybercriminals will exploit the vulnerabilities and use them to blackmail the company. To prevent this, the cooperation of the supplier of IT products and services is required, because the supplier can remove the vulnerabilities. Adequate agreements with IT suppliers can limit and prevent many liability and cost risks. Actively applying the CVD measures makes the company an attractive partner to do business with.


Frequently Asked Questions

What is Coordinated Vulnerability Disclosure?

Coordinated Vulnerability Disclosure (CVD) or responsible disclosure is the joint disclosure of ICT vulnerabilities between the reporter and the organization. Anyone can make a responsible disclosure report to a company, government agency or other organization. The organization then has the opportunity to resolve the vulnerability.

How does a Coordinated Vulnerability Disclosure work?

Why do I need a Coordinated Vulnerability Disclosure?
