Search
00
GBAF Logo
trophy
Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

Subscribe to our newsletter

Get the latest news and updates from our team.

Global Banking & Finance Review®

Global Banking & Finance Review® - Subscribe to our newsletter

Company

    GBAF Logo
    • About Us
    • Advertising and Sponsorship
    • Profile & Readership
    • Contact Us
    • Latest News
    • Privacy & Cookies Policies
    • Terms of Use
    • Advertising Terms
    • Issue 81
    • Issue 80
    • Issue 79
    • Issue 78
    • Issue 77
    • Issue 76
    • Issue 75
    • Issue 74
    • Issue 73
    • Issue 72
    • Issue 71
    • Issue 70
    • View All
    • About the Awards
    • Awards Timetable
    • Awards Winners
    • Submit Nominations
    • Testimonials
    • Media Room
    • FAQ
    • Asset Management Awards
    • Brand of the Year Awards
    • Business Awards
    • Cash Management Banking Awards
    • Banking Technology Awards
    • CEO Awards
    • Customer Service Awards
    • CSR Awards
    • Deal of the Year Awards
    • Corporate Governance Awards
    • Corporate Banking Awards
    • Digital Transformation Awards
    • Fintech Awards
    • Education & Training Awards
    • ESG & Sustainability Awards
    • ESG Awards
    • Forex Banking Awards
    • Innovation Awards
    • Insurance & Takaful Awards
    • Investment Banking Awards
    • Investor Relations Awards
    • Leadership Awards
    • Islamic Banking Awards
    • Real Estate Awards
    • Project Finance Awards
    • Process & Product Awards
    • Telecommunication Awards
    • HR & Recruitment Awards
    • Trade Finance Awards
    • The Next 100 Global Awards
    • Wealth Management Awards
    • Travel Awards
    • Years of Excellence Awards
    • Publishing Principles
    • Ownership & Funding
    • Corrections Policy
    • Editorial Code of Ethics
    • Diversity & Inclusion Policy
    • Fact Checking Policy
    Original content: Global Banking and Finance Review - https://www.globalbankingandfinance.com

    A global financial intelligence and recognition platform delivering authoritative insights, data-driven analysis, and institutional benchmarking across Banking, Capital Markets, Investment, Technology, and Financial Infrastructure.

    Copyright © 2010-2026 - All Rights Reserved. | Sitemap | Tags

    Editorial & Advertiser disclosure

    Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

    1. Home
    2. >Technology
    3. >Proactive and Responsible Disclosure Strengthens Business Cybersecurity
    Technology

    Proactive and Responsible Disclosure Strengthens Business Cybersecurity

    Published by Jessica Weisman-Pitts

    Posted on October 29, 2024

    5 min read

    Last updated: January 29, 2026

    Add as preferred source on Google
    An illustration of cybersecurity strategies highlighting proactive vulnerability disclosure, emphasizing its importance for businesses in strengthening their defenses against cyber threats.
    A cybersecurity expert discussing proactive vulnerability disclosure - Global Banking & Finance Review
    Why waste money on news and opinion when you can access them for free?

    Take advantage of our newsletter subscription and stay informed on the go!

    Subscribe

    Tags:cybersecuritytechnologyfinancial servicesrisk managementinnovation

    Quick Summary

    Jim Richberg, Head of Cyber Policy and Global Field CISO at Fortinet

    Jim Richberg, Head of Cyber Policy and Global Field CISO at Fortinet

    By Jim Richberg, Head of Cyber Policy and Global Field CISO at Fortinet

    Cyberattacks on businesses are growing in size and complexity, with almost one in three UK firms suffering an attack in the past year. With threat actors targeting businesses regardless of size and industry, attacks are now a matter of “if” and not “when.”

    Identifying and disclosing vulnerabilities before they have the chance to affect the wider business is crucial to lowering the risk of an attack. With most vulnerabilities stemming from coding errors, early detection is key to protecting devices, businesses and customers from cyber threats. Ensuring this is done responsibly by aligning with government standards and communicating with customers on new and existing vulnerabilities plays a crucial role in protecting businesses against future threats.

    Making impactful change

    All digital devices and software are built on code. According to one recent industry analysis, an average software code sample contains 6,000 defects per million lines of code. Research indicates that about 5% of those defects can be exploited, roughly translating to three exploitable vulnerabilities for every 10,000 lines of code. In a world of imperfect code, who would we want to find the problems — the manufacturer, users and third party researchers, or malicious actors? While having users or third parties find problems is a common approach, a product’s manufacturer usually has the greatest expertise and resources to bring to bear to finding problems and vulnerabilities.

    Every producer of IT products and services is responsible for following robust security standards at all stages of the product development lifecycle. These vendors must also practice responsible radical transparency and proactively search for and disclose vulnerabilities in their software. If a defect poses a security vulnerability it should be reported as such, and not labelled a functional fix or performance upgrade, since many large organizations will apply security patches but are more selective in applying functional fixes. Mis-labeling a security vulnerability as another type of problem doesn’t fully inform users of risk. Practicing radical transparency not only protects product users before they are exploited but also allows other organisations to examine their own code for similar vulnerabilities. There are several ways to do this; self-discovery through rigorous manual code analysis, penetration testing and automated fuzzing; encouraging third-party threat researchers to report discovered vulnerabilities to vendors; and detection via indications of active exploitation (where an organisation discovers a vulnerability itself).

    Not all organisations follow the same standards for transparency in vulnerability disclosure regardless of how the gaps in defence are discovered. While there are a number of industry best practices for encouraging responsible disclosure processes, including the National Cybersecurity Centre (NCSC)’s Vulnerability Disclosure Toolkit, adhering to these guidelines is unfortunately not required.

    Ensuring collaboration and transparency

    IT manufacturers who prioritize building security into their products and services from day one benefit in a variety of ways, ranging from producing more secure offerings that will require less security patching after delivery to building a solid foundation of trust with customers, partners, and the public. Measures manufacturers should include aligning to industry-recognized standards from government organisations, such as the NCSC in the UK and the Cybersecurity and Infrastructure Security Agency (CISA) in the United States.

    Also, having timely and ongoing communication with customers is essential in protecting and securing businesses from external threats. Doing so allows for threats to be responded to appropriately. It also allows for remediation measures to be quickly and transparently published. Robust communication enables everyone within a business to understand where associated threats may lie, allowing teams to be proactive in taking additional cybersecurity measures as needed.

    Understanding the potential for vulnerabilities to surface while setting high standards for responsible development and disclosure to mitigate them empowers businesses to make informed risk-based decisions about their cybersecurity. To take this one step further, once this policy has been implemented by an organisation, the next step is to adopt a ‘secure by design’ approach.

    Secure by design is a concept that prioritises security as a core business requirement. Secure-by-design covers every stage of product development, from concept to end-of-life, while also operating in accordance with leading standards such as NIST 800-53. Embracing secure by design principles also encompasses being transparent about potential risks, proactively disclosing vulnerabilities, and sharing actionable steps to help customers improve their cyber resilience.

    Introducing a comprehensive framework

    As the threat landscape grows more complex, customers will begin demanding that their vendors embrace secure by design principles, making this approach far more than a “nice to have” feature when procuring software.

    For technology providers, having an effective cybersecurity framework in place is vital and requires a continual commitment to transparency, collaboration, and proactive vulnerability disclosure. With code defects posing significant risks, leaders must identify, patch, and disclose vulnerabilities responsibly. Ensuring responsible disclosure empowers organisations to make more security-informed decisions, which improves cybersecurity for all.

    Frequently Asked Questions about Proactive and Responsible Disclosure Strengthens Business Cybersecurity

    1What is cybersecurity?

    Cybersecurity refers to the practice of protecting systems, networks, and programs from digital attacks, ensuring the confidentiality, integrity, and availability of information.

    2What is vulnerability disclosure?

    Vulnerability disclosure is the process of reporting and addressing security flaws in software or systems to prevent exploitation by malicious actors.

    3What is radical transparency?

    Radical transparency involves openly sharing information about vulnerabilities and security issues with users and stakeholders to foster trust and collaboration.

    4What is risk management?

    Risk management is the process of identifying, assessing, and prioritizing risks followed by coordinated efforts to minimize, monitor, and control the probability or impact of unfortunate events.

    More from Technology

    Explore more articles in the Technology category

    Image for Innovation Through Partnership: The Role of External Tech Teams
    Innovation Through Partnership: The Role of External Tech Teams
    Image for Nominations Open for Technology Awards 2026
    Nominations Open for Technology Awards 2026
    Image for Nominations Open for Innovation Awards 2026
    Nominations Open for Innovation Awards 2026
    Image for Archie earns industry recognition across G2, Capterra, and SoftwareReviews
    Archie Earns Industry Recognition Across G2, Capterra, and SoftwareReviews
    Image for The Bankaool Transformation: How a Regional Mexican Bank Became a Fintech Disruptor
    The Bankaool Transformation: How a Regional Mexican Bank Became a FinTech Disruptor
    Image for Submit Your Entry Today for Digital Banking Awards 2026
    Submit Your Entry Today for Digital Banking Awards 2026
    Image for Behavioral AI in Financial Services: Moving Beyond Automation Toward Human Understanding
    Behavioral AI in Financial Services: Moving Beyond Automation Toward Human Understanding
    Image for Submit Your Entry for Brand of the Year Awards Technology Bahrain 2026
    Submit Your Entry for Brand of the Year Awards Technology Bahrain 2026
    Image for Entries Now Open for Best Islamic Open Banking Burkina Faso APIs 2026
    Entries Now Open for Best Islamic Open Banking Burkina Faso APIs 2026
    Image for Entrepreneurial Discipline in the AI Economy: Insights from Dmytro Lavryniuk
    Entrepreneurial Discipline in the AI Economy: Insights From Dmytro Lavryniuk
    Image for Entries Now Open for Best New Digital Wallet Innovation Award 2026
    Entries Now Open for Best New Digital Wallet Innovation Award 2026
    Image for Call for Entries: Best Digital Wallet 2026
    Call for Entries: Best Digital Wallet 2026
    View All Technology Posts
    Previous Technology PostAI-Driven Strategies to Overcome Complex Banking Regulations
    Next Technology PostXiaomi Launches Faster Version of Flagship Ev in Challenge to Tesla