5. Leverage Third-Party Tools, Ethical Hackers For Insight
Ramakrishna said SolarWinds will leverage third-party tools to expand the security analysis of the source code for Orion software as well as related products. The company also pledges to engage with and fund ethical hacking from white hat communities to quickly identify, report and remediate security issues across the entire SolarWinds portfolio, according to Ramakrishna.
Vulnerability disclosure programs are nearly as old as the internet itself but didn’t gain traction until the early 2010s, when companies like Microsoft, Google, Facebook and Mozilla rolled out programs of their own. Companies without a formal vulnerability disclosure policy often remain in the dark about known flaws in their architecture because hackers who find those flaws don’t report them for fear of retaliation.
Vulnerability disclosure programs are therefore becoming accepted as an industry best practice, CRN reported in February 2018, and are recommended by everyone from the U.S. Department of Defense to the Food and Drug Administration. But despite the regulatory guidance, HackerOne found in early 2018 that just 6 percent of the Forbes Global 2000 companies have a known vulnerability disclosure policy.