Why Managed Responsible Disclosure?
Responsible Disclosure (RD) has become a basic layer of security infrastructure, allowing organizations to receive vulnerability submissions from the general public. Although RD is a basic provision, receiving vulnerabilities from public researchers outside of the Synack Red Team (SRT) requires thoughtful implementation and management. Good ethics and security expertise are a critical part of any RD program, and you need a trusted partner that can give you the best advice.
Why Synack for Responsible Disclosure?
High ethical standards are built into the core of the Synack model. Synack’s managed approach gives the same thorough triage and analysis to every submission and ensures that they are handled promptly and professionally.
*The Synack Managed Responsible Disclosure solution is offered exclusively to Synack customers as an add-on service to Synack’s standard solutions for vulnerability discovery and/or penetration testing.
Responsible Disclosure on Your Site
Synack will set up responsible disclosure program pages for you so that you can easily create one link to them from your site. Once the link is published, anyone can report a vulnerability or issue found on your site or in an application. That submission will go straight to Synack so we can review it and determine if it’s a valid vulnerability. If it is valid, it will be reported to you on the Synack Client Portal for review. All researchers who submit valid vulnerability reports through our Responsible Disclosure program will receive public recognition for their findings at client.responsibledisclosure.com.