HackerOne launches vulnerability model for dealing with discovered flaws

News by Ashley Carman

Bug bounty programme provider HackerOne released its "Vulnerability Coordination Maturity Model" on Tuesday to help companies assess and handle vulnerabilities in their systems.

In a blog post, HackerOne described the model as a “new and practical open guide” to help organisations “measure, benchmark and improve their vulnerability handling capabilities when someone reports a security bug to them,” and said it stemmed from a gap in “practical guidance in vulnerability coordination.”

The model looks at five areas: organisational, engineering, incentives, communications and analytics. At the organisational level, for instance, the most basic vulnerability coordination requires executive support, whereas the most technical, or expert level, requires dedicated personnel.

“Each vulnerability reported to you isn't necessarily a crisis, but it's something to remind you that code is written by humans, who are flawed, yet we are also great at improving ourselves when motivated and given guidance to do so,” the blog post noted.
