Bridging security and innovation: GObugfree's pioneering VDP fosters secure collaboration ethical hackers and companies
Zurich, April 24, 2024 – GObugfree leads the way in Switzerland as the first to provide a free Vulnerability Disclosure Program (VDP). This program establishes a secure communication channel between businesses and ethical hackers, promoting more accountable handling of security vulnerabilities.
A clear protocol for cybersecurity
Aimed at improving communication between companies and the hacking community, GObugfree's VDP provides a structured process that enables ethical hackers to report vulnerabilities responsibly without risking prosecution. It bridges the gap between informal security.txt files and full-blown bug bounty programs by providing companies of all sizes with a clear and legally secure framework for reporting vulnerabilities.
Risk of unwanted disclosure of vulnerabilities without a VDP
Without a VDP, companies face the risk of security vulnerabilities going unreported or individuals taking their findings directly to the media. A VDP mitigates such risks by providing a secure and structured reporting process, akin to a customer hotline for cybersecurity concerns. In the case of Swisstransplant's organ donor registry, for example, such a process could have facilitated better communication among all involved parties.
Collaboration with the community of ethical hackers
"The VDP creates direct communication and a legal framework that provides security for both ethical hackers and organizations. This transparency is critical to fostering trusting collaboration and ensuring that reports can be made without fear of legal repercussions," explains Marcel Eyer, Co-CEO of GObugfree.
With the introduction of our free VDP, we are paving the way for more intensive use of ethical hackers in the cybersecurity ecosystem
The "see it, say it" of cybersecurity
The program aligns with federal recommendations to promote ethical hacking, recognizing it as an essential component of the cybersecurity ecosystem. This approach enables anyone who detects a security issue to report it quickly and securely. Establishing clear and legal reporting channels not only enhances organizational responsiveness but also reduces the likelihood of vulnerabilities going unreported. It strengthens the trust between companies and the hacker community, thus becoming an indispensable part of a comprehensive cybersecurity strategy.
The foundation for a more secure digital Switzerland
"With the introduction of our free VDP, we are paving the way for a more intensive use of ethical hackers in the cybersecurity ecosystem," explains Marcel Eyer. "This program lays the foundation for a more comprehensive security strategy and marks the first step towards strengthening the national security infrastructure in a sustainable way."
Start now with an own free Vulnerability Disclosure Program
With a Vulnerability Disclosure Program (VDP) you show that your organization takes vulnerabilities seriously.
GOvdp establishes guidelines and processes to ensure that external security researchers or people who have discovered vulnerabilities can report them responsibly.