Written by Geir Inge Jensen, CISO | 09 July 2021
Cybersecurity is an essential part of the Dualog DNA. As a company, we are always looking for steps to safeguard our customers from current and emerging threats and vulnerabilities related to digitalisation. When Dualog launched its Vulnerability Disclosure Program (VDP) last year, it was based on the realisation that the cybersecurity landscape is changing fast. To keep up with the ever-evolving threats, we needed to partner with the best security consultants and researchers out there. Hence, the VDP was launched. But what is a Vulnerability Disclosure Program, you might ask?
In short, a vulnerability disclosure program offers a secure channel for researchers to report security issues and vulnerabilities, with strict guidelines and protocols on how these reports are delivered to us. It gives hackers and security researchers clear guidelines for reporting security vulnerabilities to the proper person or team. On our side, we have built a framework for intake, triage, and corresponding workflows for remediation should a vulnerability meet specific criteria.
There are multiple ways to evaluate the severity of a vulnerability. A defined set of objective criteria and the quality of the report will dictate what fees are paid out to the researchers. Since its launch, security consultants and so-called "white hat" hackers have earned more than 10K USD in fees by reporting potential risks.
Once a vulnerability has been handled and fixed, we are obliged to update the community with a listing of the reported security flaws. You can find a listing of all the Common Vulnerabilities and Exposures (CVEs), with more detail on each particular vulnerability and its fixes or workarounds, on the Dualog support page.
Ultimately, the Vulnerability Disclosure Program allows us to resolve critical security vulnerabilities quickly and minimises the impact any security flaws might have on our customers' operations.
You can find the VDP here.