ELLICOTT CITY, MD – Howard County Executive Calvin Ball today announced the launch of its groundbreaking Vulnerability Disclosure Program (VDP), which is the first of its kind in the state. The VDP serves as a digital neighborhood watch, enabling external parties to report vulnerabilities securely.
Howard County is dedicated to ensuring our residents and businesses are safe, including being leaders in cybersecurity. In Howard County, we prioritize and invest in cybersecurity to ensure systems are in place to protect our residents and governmental operations and to minimize disruptions. As a county government, we have IT systems across various domains, including life safety, water treatment, elections support, waste reclamation, recreation and parks, and more. Each mission presents its own set of unique challenges. With the launch of this program, we are taking one step further in protecting against vulnerabilities.
When an individual finds a vulnerability and publicly discloses it, they alert everyone, including cybercriminals, to the vulnerability. This practice can expose the organization to unnecessary risks. When a vulnerability is directly brought to the organization for remediation, staff can prioritize the bug, develop a patch, and notify the finders on their terms. VDPs provide a centralized platform for third parties to report vulnerabilities, allowing security teams to swiftly assess and remediate them.
The VDP works with ethical hackers of HackerOne to receive vulnerability reports, prioritize them, and remediate vulnerabilities. Once a best practice, a VDP has become a necessity due to an increased threat environment. The U.S. Department of Defense (DoD) utilizes VDPs to secure its public-facing systems and leverage the expertise of hackers worldwide.
Hackers can uncover vulnerabilities such as cross-site scripting, forgery, SQL injection attacks, and privilege escalation through a VDP. Identifying these flaws before malicious actors exploit them allows organizations to patch vulnerabilities before cybercriminals gain access.
VDPs also provide enhanced visibility into the nature, quantity, and severity of vulnerabilities faced by organizations. Understanding the attack surface and average remediation times enables organizations to improve their operational processes and adopt a proactive approach to cybersecurity. With the help of ethical hacker intelligence, Howard County can ensure business continuity by safeguarding digital systems, networks, and constituent data, while maintaining the focus on delivering excellent digital services.