MoinQ:

1. VDP

について、ここに記述してください。

A vulnerability disclosure program (VDP) is a welcome mat for concerned citizens to report security vulnerabilities. Every organization should have a VDP.

https://www.cyberscoop.com/cisa-vulnerability-disclosure-order/

government DHS issues draft order to require vulnerability disclosure policies at civilian agencies

Regulators often view deploying a VDP as minimal due diligence, but running a VDP is a pain.

A VDP looks like this: Good-faith security researchers tell you your stuff is broken, give you 90 days max to fix it, and when the time is up they call their favorite journalist and publish the complete details on Twitter, plus a talk at Black Hat or DEF CON if it's a really juicy bug.

1.1. bugcloud

What’s a Vulnerability Disclosure Program? https://www.bugcrowd.com/blog/whats-a-vulnerability-disclosure-program/

https://ww2.bugcrowd.com/resources-webinar-why-every-company-should-have-a-vulnerability-disclosure-program

1.2. adobe

https://hackerone.com/adobe

1.3. hackerone

Vulnerability Disclosure Guidelines https://www.hackerone.com/disclosure-guidelines