This article explains why it is important for companies to have vulnerability disclosure
policies (VDPs), which are rules that let outside researchers report security problems without fear of
being sued. Many companies don't have these rules, so security researchers are often afraid to
share what they find. This means companies might not know about weaknesses in their systems.
But things are changing. After big cyberattacks, experts like Rod Rosenstein and the US
Department of Homeland Security have encouraged companies to adopt VDPs to help improve
security.
The article also mentions bug bounty programs, where companies pay hackers to find security
problems. These programs are becoming more popular, with platforms like HackerOne and
Bugcrowd paying millions of dollars to researchers. More and more companies are starting to
use these programs, and experts expect that by 2022, half of all companies will use outside
researchers to find security issues. Even though some companies were slow to adopt these
policies, the growth of bug bounty programs shows that more businesses are realizing how
important it is to work with outside experts to fix security problems.