Why Governments Need Coordinated Vulnerability Disclosure Programs

by Dan Lohrmann

Back in July 2016 at the first-ever Billington Global Automotive Cybersecurity Summit in Detroit, I moderated a panel session titled: “Securing the Car Through Vulnerability Testing and Coordinated Disclosure Programs.”

The topic of our session, stated in terms that you may have heard more frequently, was why (and how) the automotive sector (as well as other industries) is starting to offer “bug bounties” to improve its products and services. And this topic is only growing more intense as we close out 2016, impacting more public- and private-sector organizations around the world.

One of my upcoming predictions for 2017 (yes – this is a sneak preview with more coming later this month) will be that governments and other critical infrastructure sectors will be setting up coordinated vulnerability disclosure programs and starting to offer more bug bounties. I also think bug bounties will become an important component of securing Internet of Things (IoT) devices, smart cities and much more.

View the panel discussion here.