The attention being given to vulnerability disclosure policies (VDP) in the past year has increased dramatically. It might be the latest high-profile breach that sparks a comment, but more and more, it’s the attitude that VDPs aren’t just nice-to-haves, they’re critical for every company.

From governments to technologists, General Electric to General Motors, and US senators to EU regulators, people are recommending all companies embrace vulnerability disclosure policies.

Here’s a few quotes:


We’ve compiled a total of 16 recent quotes and highlighted the important points. If you need more incentive to kickstart or formalize your own VDP, this will help.

And if you think you’re not going to be asked by someone inside or outside your company to explain your lack of a VDP, skim through these quotes and then think again.

View and download the pdf Voices of Vulnerability Disclosure Policy or share it on SlideShare. 


HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.

Posted by Charlie