Responding to Hackers: Vulnerability Disclosures and Bug Bounties

Listen to learn about the differences between vulnerability disclosure policies (VDPs) and bug bounties, as well as PCI DSS post-disclosure obligations.

PCI Community Meeting North America Special Podcast Recording:

SecurityMetrics Podcast | 79

Ethical hackers and cybercriminals are not the same thing, and it can be beneficial to establish a channel to communicate with hackers trying to alert you to vulnerabilities.

Ilona Cohen, Chief Legal and Policy Officer at HackerOne, and Harley Geiger, Counsel at Venable LLP, sit down with host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at the PCI Community Meeting North America to discuss:

  • Hackers vs. cybercriminals
  • Vulnerability disclosure policies (VDPs) vs. bug bounties
  • PCI DSS post-disclosure obligations

Resources:

Download our Guide to PCI Compliance! - https://www.securitymetrics.com/lp/pci/pci-guide

Download our Guide to HIPAA Compliance! - https://www.securitymetrics.com/lp/hipaa/hipaa-guide

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.