All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

One-third of Fortune 100 companies lack vulnerability reporting channels, analysis finds

By

Zack Whittaker

9d ago· 5 min readenNews

Summary

A new analysis of America's top 100 companies by revenue reveals that approximately one-third lack any clear mechanism for security researchers or the public to report vulnerabilities — no dedicated email address, bug bounty program, or vulnerability disclosure policy. This includes major firms like Cencora, Charter, and Home Depot, which have previously experienced significant security incidents yet still have not established formal reporting channels. The findings highlight a persistent gap in corporate cybersecurity practices among even the largest U.S. companies.

Source

bskyOne-third of Fortune 100 companies lack vulnerability reporting channels, analysis findsthis.weekinsecurity.com

Key quotes

· 3 pulled
If you found a security bug or vulnerability at a top American company, there's a good chance that you will have no easy way of alerting them.
Around one-third of the largest companies in the United States have no apparent way to notify them about security issues, such as through a dedicated email address or bug bounty program.
Some of these companies, like Cencora, Charter, and Home Depot, have experienced major security incidents in the past but still have not...
Snippet from the RSS feed
New analysis shows that around one-third of America's Fortune 100 companies do not have a vulnerability disclosure policy, bug bounty, or a dedicated email address for reporting security flaws.

You might also wanna read

Challenges in Reporting Vulnerabilities in Belgian Banking System

The article discusses the author's experience with reporting a vulnerability in a Belgian bank's online platform through the Coordinated Vul

devae.re·11mo ago

Security Researcher Discovers Critical Data Vulnerability in Sports Insurer Portal, Faces Legal Threats Instead of Cooperation

A diving instructor and platform engineer discovers a critical security vulnerability in a sports insurer's portal during a dive trip, expos

dixken.de·4mo ago

Analysis of Human Factors in 125,000 Linux Kernel Vulnerabilities: Who Writes Bugs and When

This article analyzes 125,000 Linux kernel vulnerabilities to understand the human factors behind bug introduction. It examines who writes b

pebblebed.com·4mo ago

Survey reveals 78% of enterprises are reporting AI-related security incidents

sdtimes.com·12h ago

How LLMs Have Democratized Vulnerability Discovery and Changed Open Source Security

The article discusses how the landscape of vulnerability reporting has fundamentally changed with the rise of LLMs and AI-powered security t

words.filippo.io·14d ago

How LLMs Have Democratized Vulnerability Discovery and Changed Open Source Security

The article discusses how the landscape of vulnerability reporting has fundamentally changed with the rise of LLMs and AI-powered security t

words.filippo.io·14d ago

AI-Generated Vulnerability Reports Overwhelm Bug Bounty Platforms and Security Teams

A cybersecurity expert with nearly a decade of experience in bug bounty programs analyzes the growing problem of AI-generated vulnerability

devansh.bearblog.dev·8mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.