News Column

Bugcrowd Offering Open Source Responsible Disclosure Framework

July 31, 2014

Bugcrowd recently announced that it has publicly released a new guide for companies that want to set up their own responsible disclosure programs.

According to a media release, the new Creative Commons-licensed Open Source Responsible Disclosure Framework was developed in collaboration with Jim Denaro, a respected Washington, D.C.-area information security attorney at CipherLaw. It is designed to let companies set up a responsible disclosure program and prepare their organization more quickly and smoothly to work with the independent security researcher community, while reducing the legal risks to both researchers and companies.

"Bugcrowd is all about connecting independent security researchers with companies big and small," said Casey Ellis, CEO and co-founder of Bugcrowd. "Security researchers are constantly finding new vulnerabilities in software, websites and applications of all sorts. The key to collaborating with independent security researchers and white hat hackers is establishing clarity and trust; this framework is one more way of ensuring that collaboration happens."

Bugcrowd noted that the new framework includes a responsible disclosure policy that gives additional legal assurances to independent security researchers looking for a way to responsibly disclose vulnerabilities in websites, applications or software. Policies such as these help align the expectations of researchers and companies throughout the disclosure process. The policy is intended to be posted on a company's website or added to the Terms of Service for a specific application or software product, and can be adopted by most organizations with only a few small modifications.

"Security vulnerabilities threaten many critical systems, such as medical devices, automobiles, and systems that store personal confidential information," said Jim Denaro, founder of CipherLaw. "We need to ensure that independent researchers with the skills to find these vulnerabilities are not discouraged from reporting them because of the legal risks. This framework will help researchers to continue their important work."

Bugcrowd is a company focused on crowdsourced security testing for the enterprise.


Source: Professional Services Close - Up
