Libertalia Limited

Responsible Disclosure Programs

An innovative layer of protection to enhance your company’s existing security.


About our Programs

The Cybersecurity division of Libertalia specializes in building and managing responsible disclosure programs (also known as vulnerability disclosure programs). This cybersecurity strategy helps companies secure their websites, networks, and online services by engaging the global community of cybersecurity researchers to identify security flaws before malicious attackers can exploit them.

Our management team has had the distinct pleasure of working with many Fortune 500 companies to mitigate high-risk security flaws. Additionally, our management team is background checked by both Sterling and Homeland Security, making our firm uniquely qualified to build and manage top-tier responsible disclosure programs.

What is a Responsible Disclosure Program?

“Responsible disclosure” is an industry term describing the process by which ethical hackers identify security flaws in a company’s systems and responsibly report those issues to the company before a malicious hacker can exploit the same flaws. A “responsible disclosure program” is therefore an established channel of communication through which ethical hackers can securely report security flaws to a company without fear of legal backlash. By establishing a program, a company becomes better protected from malicious attackers: a global community of ethical hackers will donate quality time to researching flaws, allowing the company to keep its systems more secure.

The Problem

In late 2016, part of our management team reported a vulnerability to a major tech company that allowed “unauthenticated access to protected files and remote code execution through a privileged user account due to a piece of malware that had lain dormant on the server”. In layman’s terms, the flaw discovered was critical. Today it would receive the highest risk designation in the industry. Initially, they were hesitant to report the discovery because of horror stories they had heard from other well-intentioned researchers who faced the wrath of overzealous legal teams. Eventually, after several months of persistence, they reached a company director who, after some vetting, worked with the security officer to mitigate the risks associated with the discovery.

This story is not uncommon, and it demonstrates an organizational problem that exists within most major companies today. Decades of fear surrounding the word “hacker” have made companies afraid to engage with individuals who legitimately want to help (known as ethical hackers). But how does a company create a safe way to engage with ethical hackers? By establishing a responsible disclosure program with a management team trained to recruit and assist them. With such a program, a company can add a significant layer of security to its existing security measures. But how does a company go about building a program?

The Solution

At Libertalia we build and manage top-tier, highly efficient responsible disclosure programs. A responsible disclosure program encompasses three components: 

  1. A wisely crafted corporate policy that clearly outlines the boundaries of what ethical hackers are permitted to do in testing against a company’s system without fear of legal ramifications.

  2. An established, easy-to-use channel of communication where ethical hackers can privately and securely submit reports, be kept updated on action taken from their reports and be appropriately recognized for their contributions.

  3. A trained management team to interact with hackers, review reports for accuracy, and send all actionable information back to the company for mitigation before malicious hackers exploit the exact same vulnerabilities.

We offer a solution for all three of these components. We will write or help write the corporate policy, build and run the program, recruit the ethical hackers, handle all interactions and communications with them, and, most importantly, diligently review and verify reports, weeding out the chaff and sending only the actionable information your security team needs to mitigate vulnerabilities quickly.

Starting a Program

We can start a new program for your firm in as little as two weeks. Our firm manages programs through yearly contracts, paid monthly.

For small to mid-size organizations, we recommend our managed responsible disclosure programs, starting at just $3,000 per month. With this service we will build, manage, and promote a responsible disclosure program to protect your company’s digital assets, and our management team will review up to twenty (20) reports per month. While this is typically sufficient for most mid-sized organizations, our pricing is set up to scale with you. Launching a new website or making updates can increase the number of reports your program receives in a given month; when this happens, our team will contact you about boosting your report limit for that month.

For large organizations, we recommend our program with a dedicated responsible disclosure program manager, starting at $10,000 per month. With this service, we will build a program custom-tailored to your organization and train your existing team to review and verify reports submitted to the program. Additionally, we will provide a dedicated manager from our team who will supervise your program for its duration. This manager will provide training to your team, monitor interactions on the program, handle customizations to your program, review the program’s progress, and work to ensure your program is both optimal and providing you the best benefit.

Still Have Questions?

Understanding the value, concept, costs, and benefits of a managed responsible disclosure program may leave you with some questions. Feel free to read through some of the most frequently asked questions we receive about managed responsible disclosure programs.