Simple quiz offers a baseline for organizations looking to deal with disclosure issues

Despite the age of the argument, disclosure is still a hot topic. However, some organizations aren’t ready to deal with researchers who disclose vulnerabilities.

Now, HackerOne is offering organizations a chance to discover their maturity level when faced with such a situation.

The tool is called the Vulnerability Coordination Maturity Model (VCMM).

The tool was created by Katie Moussouris, HackerOne Chief Policy Officer. All an organization has to do is answer a few questions, and it will get an overview of where it stacks up against its peers when it comes to the disclosure process and vulnerability mitigation.

Considering that recent events with FireEye have brought the topic of bounty programs and the disclosure process back to center stage, organizations that don’t have a process in place to deal with disclosure can use the HackerOne tool as a conversation starter within the company.

The video embedded below offers a full overview, but at a minimum the following is a list of things a company needs to meet the basic levels of maturity:

- Organizational: Executive support to respond to vulnerability reports, and a commitment to security and quality as a core organizational value
- Engineering: A clear way to receive vulnerability reports, and an internal bug database to track them to resolution (See ISO 29147)
- Communications: The ability to receive vulnerability reports and a verifiable channel to distribute advisories to affected parties (See ISO 29147)
- Analytics: Track the number and severity of vulnerabilities over time to measure improvements in code quality
- Incentives: Show thanks or give swag.
Clearly state that no legal action will be taken against researchers who report bugs.