The ACSC has released a new publication, Vulnerability Disclosure Programs to help organisations understand and address risks associated with identified vulnerabilities.
A Vulnerability Disclosure Program (VDP) includes processes designed to identify, verify, resolve and report on security vulnerabilities disclosed by people who may be internal or external to an organisation.
This guide gives organisations of all sizes important information to scope, develop and implement a VDP to improve their cyber security posture. It also ensures they are postured for success should a vulnerability be disclosed by an external source.
Organisations are encouraged to familiarise themselves with this publication and implement a VDP in their workplace.