With our modern-day reliance on digital technology, software and system vulnerabilities have become increasingly hard to avoid. Thoroughly eliminating all these vulnerabilities can be a challenge, but through a coordinated vulnerability disclosure (CVD) program, governments and private companies can mitigate them with the help of independent security researchers. When instituted and followed, a CVD program allows companies to manage the process of disclosure and handling of vulnerabilities in a controlled fashion by working with security researchers to coordinate a set of common terms and a timeline.
Follow Sandra Ortiz, the CEO of a Florida-based hotel chain, as she and her Chief Information Security Officer respond to a crisis that could have been mitigated with a CVD program. Sandra’s story aims to promote a better understanding of CVD practices among policymakers and business leaders, as well as address the misperception of CVD as a catch-all solution for cybersecurity threats. As cyber insecurity affects every aspect of our lives, from how we work to how we travel or how we vote. Grappling with those issues can be overwhelming at times, but CVD empowers us to tackle them together.