Someone Emailed Me Claiming He Found a Vulnerability. Now What?!


Download It's a nerve-wracking situation - one that we've all seen in the news too many times - that most teams would rather not deal with, especially if the hacker is demanding payment. After all, your team will have to spend time validating the bug, then see if the vulnerability is actually worth anything, and then figure out if the hacker is legit. And if the hacker goes rogue, then you'll be making the news - and not in no nice way.

Short of panicking or ignoring the potential threat, what you can do is more accurately assess how much a bug is worth with this guide. In it, we'll show you how vulnerabilities should be prioritized on a scale of 1 to 5 based on your organization's security maturity and whether a cash reward is warranted.

Armed with this guide, you and your team have will have concrete steps for dealing with vulnerability findings, especially if you're thinking of setting up a responsible disclosure program or already have one and aren't sure of market rates for bugs.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    Weekly Rewind: How to become a cyborg, super strong iPhones, and more

    T-Mobile now has fastest LTE download speeds of four big carriers, study shows For a long time, T-Mobile has been on the lower end of the big four carriers in terms of connectivity and speed.The Un-carrier has come a long way — it now rates the second highest in customer satisfaction, and offers the fastest LTE downloads in the U.
  • 5300c769af79e

    Verizon Caves, Launches New Unlimited Data Plan

    The company on Sunday announced its own unlimited smartphone option while keeping alternatives open for lighter data users.After 22 MB of data usage, Verizon may "prioritize" customers in the event of network congestion.
  • 5300c769af79e

    5 IT Talent, Staffing Fails To Avoid

    Every year, InformationWeek releases the Elite 100 -- a ranking of the nation's most innovative users of business technology.] The survey, which is open only to Elite 100 applicants, polled US-based companies and higher education institutions that have $250 million or more in revenue.
  • 5300c769af79e

    Pokemon Go Japan Launch Delayed Because of...McDonald's?

    Japanese gamers suffered a minor Pokemon Go setback this week: Game maker Niantic postponed today's scheduled release following an email leak.Citing a source "close to the launch," TechCrunch said the title's afternoon arrival has been cancelled after internal communication abouthe launch from sponsor McDonald's Japan hit the Web.