How Mature is Your Vulnerability Coordination?


Among the many best practices for security professionals is to have some process for handling inbound vulnerability reporting. So if someone finds a bug or exploit in a product or service, the company with the vulnerability is able to respond to a researcher and knows what to do with a report.

It's a topic that security industry luminary Katie Moussouris, chief policy officer at HackerOne, is well versed in, as she is the author of the Vulnerability Coordination Maturity Model.

Among the items that are included in the Vulnerability Coordination Maturity Model are assessments of organizational, engineering, communications, analytics and incentives that an organization has for handling bug reports.

In a video interview, Moussouris explains what the model is about and discusses other topics she covered in her presentation at this week's RSA conference.

Sean Michael Kerner is a senior editor at eSecurityPlanet and Follow him on Twitter @TechJournalist.