One-third of Fortune 100 companies lack vulnerability reporting channels, analysis finds
By
Zack Whittaker
Summary
A new analysis of America's top 100 companies by revenue reveals that approximately one-third lack any clear mechanism for security researchers or the public to report vulnerabilities — no dedicated email address, bug bounty program, or vulnerability disclosure policy. This includes major firms like Cencora, Charter, and Home Depot, which have previously experienced significant security incidents yet still have not established formal reporting channels. The findings highlight a persistent gap in corporate cybersecurity practices among even the largest U.S. companies.
Source
bskyOne-third of Fortune 100 companies lack vulnerability reporting channels, analysis findsthis.weekinsecurity.comKey quotes
· 3 pulledIf you found a security bug or vulnerability at a top American company, there's a good chance that you will have no easy way of alerting them.
Around one-third of the largest companies in the United States have no apparent way to notify them about security issues, such as through a dedicated email address or bug bounty program.
Some of these companies, like Cencora, Charter, and Home Depot, have experienced major security incidents in the past but still have not...
You might also wanna read
Challenges in Reporting Vulnerabilities in Belgian Banking System
The article discusses the author's experience with reporting a vulnerability in a Belgian bank's online platform through the Coordinated Vul
Security Researcher Discovers Critical Data Vulnerability in Sports Insurer Portal, Faces Legal Threats Instead of Cooperation
A diving instructor and platform engineer discovers a critical security vulnerability in a sports insurer's portal during a dive trip, expos
Analysis of Human Factors in 125,000 Linux Kernel Vulnerabilities: Who Writes Bugs and When
This article analyzes 125,000 Linux kernel vulnerabilities to understand the human factors behind bug introduction. It examines who writes b
Survey reveals 78% of enterprises are reporting AI-related security incidents
How LLMs Have Democratized Vulnerability Discovery and Changed Open Source Security
The article discusses how the landscape of vulnerability reporting has fundamentally changed with the rise of LLMs and AI-powered security t
How LLMs Have Democratized Vulnerability Discovery and Changed Open Source Security
The article discusses how the landscape of vulnerability reporting has fundamentally changed with the rise of LLMs and AI-powered security t
AI-Generated Vulnerability Reports Overwhelm Bug Bounty Platforms and Security Teams
A cybersecurity expert with nearly a decade of experience in bug bounty programs analyzes the growing problem of AI-generated vulnerability

Comments
Sign in to join the conversation.
No comments yet. Be the first.