BoostIO Co., Ltd.: Bug bounty platform “IssueHunt” officially releases “IssueHunt VDP”, a tool for setting up a vulnerability reporting contact point to prevent information leaks

VDP, which has also been adopted by the US government, can be set up in 5 minutes

BoostIO Co., Ltd. (Chuo-ku, Tokyo; Representative Director: Kazumasa Yokomizo) officially began offering “IssueHunt VDP”, a tool for setting up a vulnerability reporting contact point to prevent information leaks, today, January 16, 2023.
https://vdp.issuehunt.io/
Background
We provide “IssueHunt Bug Bounty” (https://bounty.issuehunt.io/company), a platform that allows you to request vulnerability assessments from security researchers.
In our conversations with customers, we ran into the following problem: “Vulnerability reports from outside did not reach the security staff, and the risk of information leakage was neglected.” To solve it, we have started offering “IssueHunt VDP”, an adaptation for Japanese companies of the “Vulnerability Disclosure Program” that the US government has introduced as a means of accepting vulnerability reports.
Problem to solve
Information leakage risk
When there is no channel for submitting vulnerability reports, there is a risk that, in the worst case, the vulnerability is published on social media. The Information Security Early Warning Partnership, provided by the Information-technology Promotion Agency (IPA) and the JPCERT Coordination Center, can be cited as one means of receiving vulnerability reports. However, because there is a time lag of several days before a report reaches the company, the vulnerability (≒ personal information leakage risk) is left unattended during that time.
Vulnerability reports are not communicated to security personnel
Because vulnerability reports are sent to customer support, there are situations where they do not reach the security team directly, and in the worst case they are overlooked.
Even if a third party stumbles across a vulnerability, without a vulnerability reporting policy they may not report it for fear of legal liability, no matter how well-meaning the finder.
Service overview
You can set up a contact point dedicated to vulnerability reporting without writing any code, so that a third party who discovers a vulnerability in your company's systems can report it.
When a report arrives, a Slack notification is sent, so the security staff can check it immediately and it is not overlooked.
It also supports generating security.txt, a mechanism for publishing a security policy and contact information for vulnerability reports on a website, announced as RFC 9116 (*) in April 2022.
*RFC 9116 link: https://www.rfc-editor.org/rfc/rfc9116
https://vdp.issuehunt.io/
If you have any questions, please contact us here:
https://bounty.issuehunt.io/about-us
===
【Company Profile】
Company name: BoostIO Co., Ltd.
Representative: Kazumasa Yokomizo
Location: Kayabacho 1-chome Heiwa Building, 1-8-1 Nihonbashi Kayabacho, Chuo-ku, Tokyo
Contact: https://bounty.issuehunt.io/about-us

Details about this release:
https://prtimes.jp/main/html/rd/p/000000009.000039740.html
