APNIC’s Vulnerability Reporting Program
Course Overview
APNIC has been running a public Vulnerability Reporting Program (VRP) for just over a year now, inviting security researchers worldwide to responsibly report to us any vulnerabilities they find in our networks, servers, and services.
This course will follow the VRP from its first concept, through creation and the first year of operations. We’ll look at what went well, and what improvements were made along the way. We’ll also review the vulnerabilities reported, and examine them based on when they were reported, their severity, and who reported the issues to us. We’ll then cover some lessons learned from this project, and what APNIC is doing next to improve external vulnerability management.
Course Outline
This course will cover the following topics:
- What is a Vulnerability Reporting/Disclosure Program? (VRP/VDP)
- Why APNIC started a VRP
- Process of creating a VRP
- Review of vulnerabilities reported (count, severity, who reported them)
- Lessons learned
- What are the next steps after the VD