Ken Munro will be presenting: Time TBC.
A YouTube live stream link will be provided closer to the event.
Vulnerability Disclosure Programs. How to make a VDP work
In this session we’ll share our experience of disclosing vulnerabilities: the good, the bad, and the downright shameful. You’ll also be given some choice insights into the process itself, with real examples, and see how first contact does, in most cases, lead to the vulnerability being fixed and the fix rolled out.
Most importantly, though, we’ll guide you on what a VDP can look like, and how you should develop and manage one:
- A VDP is about culture and communication
- Empowering your Product Security Incident Response Team (PSIRT)
- Making Contact Easy
- Briefing Your Staff
- Keeping marketing and PR OUT of initial discussions
- Accepting Constructive Criticism
- Fixing The Vulnerability
- Bug Bounties
- Good VDP + responsible researchers = customer win