Vulnerability Disclosure Programs. How to make a VDP work

  • When: April 8, 2021 | 6 p.m. Central European Summer Time (UTC+02)

    Where: LiveStream

    Who: Ken Munro, Partner and Founder at Pen Test Partners LLP

    In this session we’ll share our experience of disclosing vulnerabilities. The good, the bad, and the downright shameful. You’ll also be given some choice insights into the process itself, with real examples, and how first contact does, in most cases, lead to the vulnerability being fixed and rolled out. Most importantly, though, we’ll guide you on what a VDP can look like, and how you should develop and manage one:

      • A VDP is about culture and communication
      • Empowering your Product Security Incident Response Team (PSIRT)
      • Making Contact Easy
      • Briefing Your Staff
      • Keeping marketing & PR OUT of initial discussions
      • Accepting Constructive Criticism
      • Fixing The Vulnerability
      • Bug Bounties
      • Good VDP + responsible researchers = customer win

    About the Presenter:

    Ken is Partner and Founder of Pen Test Partners LLP, a firm of experienced penetration testers, otherwise known as ethical hackers. He regularly blogs on everything from hacking cars, vehicles, and car alarms, to the Internet of Things. He also writes for various news agencies and industry outlets in an effort to get beyond the unhelpful scaremongering put about by many security vendors. Ken has become a voice for reform and legislative change in the largely unregulated IoT, briefing UK and US government departments as well as being involved with various EU consumer councils. Twitter: @TheKenMunroShow @PenTestPartners
