Instituting a vulnerability disclosure program (aka bug bounty program) that won’t blow up in the organization’s face can be a daunting task.
Some will prefer to enlist outside experts to advise them on how to do it, and others will want to rely on their own IT or security department.
For the latter, here’s some good news: the US Department of Justice has just released a guidance document for adopting a vulnerability disclosure program for online systems.
ORIGINAL SOURCE: Help Net Security