In today's rapidly evolving digital landscape, cybersecurity remains a top priority for organizations of all sizes. As a leading provider of security solutions, we appreciate and understand the pressures of the current threats that organizations face daily. A critical risk often faced by suppliers is supply chain security. A supply chain attack can undermine a company’s operations and introduce risk at unprecedented levels, potentially leading to a catastrophic outcome.
Egress is proud to announce their partnership with the UK Ministry of Defence (MoD) and HackerOne to initiate a Vulnerability Disclosure Program (VDP), facilitating access to a world-class tier of ethical hackers and security researchers. Collaboration via the HackerOne platform ensures that our products are as secure as possible, using the best talent available. This allows us to provide assurance to our customers to further reduce the risk that we have on our customers.
What is a Vulnerability Disclosure Program?
A Vulnerability Disclosure Program (often referred to as a VDP) is a centralized process in which an organization allows for security flaws to be reported through a collaborative network of ethical hackers and security researchers. The aim of such a program is to improve an organization’s security through a ‘see something, say something’ approach. The overarching goal of a VDP is to ensure vulnerabilities are safely disclosed and remediated before a malicious actor can exploit them.
The role of ethical hackers
Ethical hacking (also known as ‘white hat’ hacking) involves individuals who use their technical skills and abilities to uncover vulnerabilities in a wide range of technologies, within networks, applications, and computer systems. Ethical hackers are individuals who operate within the legal and ethical boundaries of hacking, following strict rules of engagement and requirements. Their efforts are focused on identifying weaknesses, testing, and where possible, assisting with the remediation process. Within the digital landscape, ethical hackers and security researchers play a critical role in ensuring organizations such as Egress, the Ministry of Defence, and many others, remain secure in an ever-evolving environment.
How the program works and what does it mean
Earlier in the year, Egress entered talks with the MoD to change our previous method of reporting vulnerabilities, which has resulted in a more rigorous and structured approach using a well-known and trusted third party, called HackerOne. By providing a platform for ethical hackers and security researchers to register and engage with organizations in a structured format, HackerOne facilitates testing under the protection of a safe harbor policy. Through proactive vulnerability management and enhanced levels of collaboration with the MoD, Egress can ensure that our products provide unparalleled levels of security.
How do I report a vulnerability?
Any vulnerabilities that are discovered on Egress owned/hosted products or systems are to be reported to our HackerOne VDP located at: https://hackerone.com/egress-vdp.
Additional information is available through the ‘Flaw and Vulnerability Reporting’ page on the Egress website located at: https://www.egress.com/legal/flaw-and-vulnerability-reporting.
For the fastest triage and response, we recommend using the HackerOne platform. Additionally, we would like to remind users submitting reports to follow the guidance and rules of engagement laid out in the Scoping (for in and out of scope assets/vulnerabilities) and Program Rules in order to adhere to our safe harbor policy.
We look forward to engaging with the ethical hacking community. Happy hunting!