NIST SP 800-53 R5 adds Vulnerability Disclosure Programs to Federal Security and Privacy Controls | @Bugcrowd

  • Publicly discoverable channels and policies
  • Explicit authorization of good-faith security research
  • Absence of non-disclosure as a condition of authorization of testing in public programs, and
  • Timeline-driven Coordinated Vulnerability Disclosure (CVD) practices


founder/chairman/cto @bugcrowd and co-founder of @disclose_io. troubleshooter and troublemaker. 0xEFC513EA
