Security Pros Value Disclosure ... Sometimes
Security professionals will coordinate disclosure with researchers but may keep their self-discovered vulnerabilities secret, a new study shows.
Honesty is a virtue, say most cybersecurity professionals. That's true even when the honesty involves disclosing vulnerabilities, with 90% of professionals saying that disclosure is a "public good" that increases transparency and improves overall IT security.
The bias toward disclosure is shown in the results of a recent survey conducted by 451 Research and sponsored by Veracode. According to the report, 37% of organizations have received unsolicited disclosures in the last 12 months and, of those, 90% publicly disclosed the vulnerabilities in coordination with the researcher(s) who discovered the issue.
Even so, only 9% of those who identified their own vulnerability opted to make a full disclosure.
For more, read here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "The 20 Worst Metrics in Cybersecurity."
About the Author(s)
You May Also Like
Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024