Someone Emailed Me Claiming He Found a Vulnerability. Now What?!


It's a nerve-wracking situation - one that we've all seen in the news too many times - that most teams would rather not deal with, especially if the hacker is demanding payment. After all, your team will have to spend time validating the bug, then see if the vulnerability is actually worth anything, and then figure out if the hacker is legit. And if the hacker goes rogue, then you'll be making the news - and not in a nice way.

Short of panicking or ignoring the potential threat, what you can do is more accurately assess how much a bug is worth with this guide. In it, we'll show you how vulnerabilities should be prioritized on a scale of 1 to 5 based on your organization's security maturity and whether a cash reward is warranted.

Armed with this guide, you and your team will have concrete steps for dealing with vulnerability findings, especially if you're thinking of setting up a responsible disclosure program or already have one and aren't sure of market rates for bugs.
