APR 01, 2019 | US
Make It Count
Politico Morning Cybersecurity, March 27, 2019
By Tim Starks
Coordinated vulnerability disclosure (CVD) programs are worthless if companies don’t provide enough personnel and resources to monitor and address bug reports, the software trade group BSA said in a white paper published Tuesday. Any company setting up a CVD program should “develop governance structures to assign personnel with clear lines of responsibility, establish a risk-based mechanism for prioritizing the remediation of vulnerabilities, and provide clear guidance about how and when to disclose vulnerability information to external stakeholders,” the group said.
BSA | The Software Alliance (www.bsa.org) is the leading advocate for the global software industry before governments and in the international marketplace. Its members are among the world’s most innovative companies, creating software solutions that spark the economy and improve modern life.
With headquarters in Washington, DC, and operations in more than 30 countries, BSA pioneers compliance programs that promote legal software use and advocates for public policies that foster technology innovation and drive growth in the digital economy.