Vulnerability Disclosure Handling
Our Managed Vulnerability Disclosure Handling (MVDH) service offers a solution for managing all vulnerability reports submitted to your organization by email. We handle every step between you and the external security researcher, and act as an extension of your team.
We assess every vulnerability report sent to you by testing if the vulnerability is (remotely) exploitable, communicate directly with the external security researcher and report back to you with practical recommendations from our cybersecurity experts.
Challenges with Vulnerability Disclosure Handling
Our managed service provides a comprehensive solution for handling all vulnerability reports submitted to your organization via email. Acting as an extension of your team, we manage every step of the process, bridging communication between you and the external researcher.
If you don’t yet have a Vulnerability Disclosure Policy (VDP) or Vulnerability Handling Process in place, we can help you establish one that aligns with the ISO/IEC 29147 and ISO/IEC 30111 standards, as recommended by NIST, ENISA, and CISA.
Our service is for customers who:
- Lack dedicated security expertise
- Value proactive cybersecurity
- Want to grow cybersecurity maturity and trust

Our solution
Sawah Cyber Security’s managed service assists companies in responsibly handling such vulnerability reports while adhering to local laws. We act as a bridge between your organization and external researchers, guiding them to report issues ethically and ensuring they understand the legal boundaries in your country. By facilitating communication and setting clear boundaries, we promote an environment of ethical hacking and reporting, where researchers have explicit permission from the system owners.
Through this service, we help protect our clients by responsibly managing vulnerability disclosures, educating external researchers on local law, and fostering a culture of security awareness and compliance.

Bug Bounty Hunting
In the past decade, bug bounty hunting has become increasingly popular among ethical hackers and organizations. We see more organizations wanting to take a proactive approach to cybersecurity, yet many lack the in-house expertise needed to manage incoming vulnerability reports effectively. This lack of expertise can lead to delayed responses, unmanaged risks, and missed opportunities to strengthen the organization’s overall security posture.
Stay ahead of the bad guys
Our proactive approach keeps you ahead of potential threats. By quickly addressing vulnerabilities before adversaries can exploit them, we help you become more resilient.
We speak the Language of Hackers
We understand the hacker mindset and we know how to engage directly with security researchers. We bridge the gap between you and the researcher and align the goals of all parties.
Streamline communication
We ensure that your team only spends time on meaningful and actionable vulnerability reports. We filter out irrelevant reports and false positives, allowing your team to focus on real vulnerabilities.
Show you are serious about cybersecurity
Actively managing vulnerability reports and engaging with researchers demonstrates your commitment to cybersecurity and builds trust with customers, partners, and stakeholders.
How it works in 5 steps
1. Onboarding your organization
The first step in our Managed Vulnerability Disclosure Handling (MVDH) service is to thoroughly understand how vulnerability reports currently reach your organization and how we can integrate our service seamlessly as part of your team.
2. Monitoring incoming reports
We will monitor the incoming vulnerability reports sent to your organization. In many cases, organizations use a general mailbox for incoming emails (e.g. [email protected] or [email protected]).
We examine each report in detail and assess the affected assets, the nature of the vulnerability and the potential risks. To verify the impact, we test the vulnerability (in a staging or live environment) to determine whether it is remotely exploitable and what its threat level is.
3. The security researcher
We communicate with the security researcher on your company’s behalf within 24 hours of receiving the initial vulnerability report. If needed, we promptly request additional details or proof to ensure a thorough understanding of the reported vulnerability.
4. Your team
If the vulnerability report is valid, we communicate with your team and give them recommendations as your trusted cybersecurity advisor.
5. Remediation and retesting
After your team applies a security fix, we verify that the vulnerability has been resolved. We then ask the security researcher to verify the remediation as a double check.
Once the vulnerability has been effectively remediated and confirmed by the external researcher, we will notify you, so that you have full assurance that the vulnerability is resolved.
Depending on the Vulnerability Disclosure Policy you choose to adopt, we can determine whether to offer a bug bounty award in the form of a Hall of Fame acknowledgment or, if applicable, a financial reward.