Howard County has announced the launch of its groundbreaking Vulnerability Disclosure Program (VDP), the first of its kind in Maryland.
The VDP is a digital neighborhood watch, enabling external parties to report vulnerabilities securely.
“Howard County is dedicated to ensuring our residents and businesses are safe, including being leaders in cybersecurity. In Howard County, we prioritize and invest in cybersecurity to ensure systems are in place to protect our residents and governmental operations to minimize disruptions. As a county government, we have IT systems across various domains, including life safety, water treatment, elections support, waste reclamation, recreation and parks, and more. Each mission presents its own set of unique challenges. With the launch of this program, we are taking one step further in protecting from vulnerabilities,” said Calvin Ball, Howard County Executive.
When an individual finds a vulnerability and publicly discloses it, they alert everyone, including cybercriminals, to it. This practice can expose the organization to unnecessary risks. When a vulnerability is directly brought to the organization for remediation, staff can prioritize the bug, develop a patch, and notify the finders on their terms. VDPs provide a centralized platform for third parties to report vulnerabilities, allowing security teams to assess and remediate them swiftly.
The VDP works with ethical hackers from HackerOne to receive vulnerability reports, prioritize them, and remediate vulnerabilities. Once a best practice, a VDP has become a necessity due to an increased threat environment. The U.S. Department of Defense (DoD) utilizes VDPs to secure its public-facing systems and leverage the expertise of hackers worldwide.
To learn more about the VDP, see the full press release.