

To create greater transparency, the report recommended building a culture of openness, avoiding assigning blame when incidents happen, providing third-party researchers with a clear process for reporting vulnerabilities, and taking an open approach to stakeholders should a breach occur.

Failing to admit weaknesses and ask for help fixing them can cause significant damage to a brand should a "secret" vulnerability be exploited, the report explained.

Distrust between organizations and third-party researchers

According to survey data gathered for the report from 800 security leaders, 64% maintain a culture of security through obscurity. To demonstrate a company is adhering to best practices, the report recommended it commit to the four tenets of corporate security responsibility: transparency, collaboration, innovation, and differentiation.

Demonstrating secure best practices is now a competitive differentiator. Organizations are increasingly scrutinizing the practices of their suppliers, basing procurement decisions on security credentials and switching suppliers should the company have experienced a security incident, the report noted.

HackerOne, a bug bounty platform provider, offered a blueprint for greater corporate security responsibility and called for a shift from secrecy to transparency when dealing with vulnerabilities in a report released Thursday.
