New by me: I analyzed the websites of America's top companies (aka Fortune 100) and found dozens of companies don't have any easy way to report security flaws to them.

Of the companies that _do_ have vulnerability disclosure policies, half don't actually pay for bug reports.

I break down the data in my new article: https://this.weekinsecurity.com/dozens-of-americas-largest-companies-have-no-simple-way-to-report-security-flaws/

My cyber newsletter also goes out weekly. Sign up/RSS: https://this.weekinsecurity.com

Dozens of America's largest companies have no simple way to report security flaws

New analysis shows that around one-third of America's Fortune 100 companies do not have a vulnerability disclosure policy, bug bounty, or a dedicated email address for reporting security flaws.

~this week in security~
@zackwhittaker No large (non-tech) company seems to know how to deal with reports.