EXECUTIVE TAKEAWAYS
■ Firms should use a cooperative approach, rather than an antagonistic one, with vulnerability researchers when they report their findings.
■ Firms should develop clearly written vulnerability disclosure policies that encourage vulnerability researchers to report their findings.
■ Firms should include safe harbor language in their vulnerability disclosure policies to encourage vulnerability researchers to report their findings.
■ Firms should consider implementing a bug bounty program to supplement their vulnerability disclosure policies.
Andy Green, Assistant Professor of Information Security
Dejarvis Oliver, Ph.D. Graduate
Amy Woszczynski, Professor of Information Systems