Coordinated Vulnerability Disclosure
Enable users and researchers to report vulnerabilities through a Coordinated Vulnerability Disclosure Policy and strengthen your IT security.
Prevention is better than cure
A company effectively organizes its business activities with business processes that incorporate control and security measures. IT products and services support the business processes, and employees direct them. In this way, a company aims to prevent vulnerabilities during operation.
When developing IT products and services, testing takes place at the end of each step. In a DevSecOps development process, special attention is paid to taking effective management and security measures “by design”. The developers test whether the measures taken function correctly. Yet vulnerabilities remain in IT products and services, as well as in their implementation in the organization, and these are found by researchers (ethical hackers).
It is essential that the company is informed about the vulnerabilities, assesses the impact on business operations and takes additional measures to remove them. If this process does not go well, the researchers (such as hackers) may publish the vulnerabilities on public forums, and cybercriminals can then easily exploit them.
Such a scenario threatens business continuity. The reporting process can be organized with a Coordinated Vulnerability Disclosure.
Get started with your CVD
Based on this white paper, company management can decisively and effectively set up CVD as a control and security measure.
How to organize your CVD?
CVD costs are included in the MYOBI user license. Of course, you or one of our suppliers can contact us for any support.
An imaginative value proposition
Cybercriminals will exploit the vulnerabilities and use them to blackmail the company. To prevent this, the cooperation of the supplier of IT products and services is required, because the supplier can remove the vulnerabilities. Adequate agreements with IT suppliers can limit and prevent many liability and cost risks. Actively applying the CVD measures makes the company an attractive partner to do business with.
Frequently Asked Questions
Coordinated Vulnerability Disclosure (CVD) or responsible disclosure is the joint disclosure of ICT vulnerabilities between the reporter and the organization. Anyone can make a responsible disclosure report to a company, government agency or other organization. The organization then has the opportunity to resolve the vulnerability.