14 DAY TRIAL // The Cyber Defence Research Center(CDRC) of India’s Jharkhand Police has launched a responsible disclosure program to help ethical hackers submit the vulnerabilities they find to the affected vendors, E Hacking News reports.
The program encourages all those who identify security issues on the websites or in the computer systems of Indian ministries, public or private organizations, or government departments to fill out a submission form with the required details.
“Our in house team has close relationships with the information security community and ‘disclosure’ has been found to be a big issue amongst the ethical hacker community,” the police agency’s CDRC noted.
“Either they were unable to report issues, or when issues were reported they faced offensive action instead of gratitude from the organization(s). Like all whistleblowers, it is a tightrope these ethical hackers have had to walk in the absence of a support system backed by Law Enforcement Agencies,” they added.
“The senior officers at JH Police believe that this will help the ethical community in significantly contributing to proactive cyber crime control and have whole-heartedly supported the initiative.”
It’s worth noting that this is not a bug bounty program. There are no monetary rewards or certificates. Also, anonymous submission are not encouraged, being allowed only under certain circumstances.
It remains to be seen if the disclosure program will manage to help security experts in getting through to companies. However, considering the large number of vulnerabilities identified by Indian researchers these days, the effort is highly welcome.
The responsible disclosure submission form is available here.
A FAQ for the program can be found here. Be sure to read it before submitting any information because there are precise rules that must be followed by those who want to contribute.