Security Pros Value Disclosure ... Sometimes
Security professionals will coordinate disclosure with researchers but may keep their self-discovered vulnerabilities secret, a new study shows.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltc94608acf452fd67/655cf371ab171e040a838b2a/329050_DR23_Graphics_Website_V5_Default_Image_v1.png?width=1280&auto=webp&quality=95&format=jpg&disable=upscale)
Honesty is a virtue, say most cybersecurity professionals. That's true even when the honesty involves disclosing vulnerabilities, with 90% of professionals saying that disclosure is a "public good" that increases transparency and improves overall IT security.
The bias toward disclosure is shown in the results of a recent survey conducted by 451 Research and sponsored by Veracode. According to the report, 37% of organizations have received unsolicited disclosures in the last 12 months and, of those, 90% publicly disclosed the vulnerabilities in coordination with the researcher(s) who discovered the issue.
Even so, only 9% of those who identified their own vulnerability opted to make a full disclosure.
For more, read here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "The 20 Worst Metrics in Cybersecurity."
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024