
Financial Institutions Becoming Comfortable with Vulnerability Disclosure

Javelin Strategy & Research’s new report reveals interest and concerns with vulnerability disclosure policies, bug bounty programs and crowd-sourced penetration testing

San Francisco, CA, May 3, 2018: Security professionals at financial institutions are receptive to programs that guide independent researchers who find harmful security vulnerabilities in their firm’s online products and services, according to a new report by Javelin Strategy & Research, titled Bug Bounties: Overcoming Fears, Finding Solutions.

These vulnerability disclosure policies (VDPs) are becoming the standard for modern security programs. The report shows a third of engineers, IT managers, and other stakeholders surveyed – those whose chief concern is software or hardware vulnerabilities – say their FI maintains such a policy.

“Regulators may be leaning on companies to adopt VDPs while discouraging the implementation of public bug bounties – which incentivize disclosure with monetary rewards,” said Al Pascual, SVP Research and Head of Fraud & Security at Javelin Strategy & Research. “Some security professionals may not want to adopt these programs because data-breach notification laws may apply when independent security researchers are actively probing their systems.” 

###

About Javelin Strategy & Research
Javelin Strategy & Research, a Greenwich Associates LLC company, is a research-based advisory firm that helps its clients to make better-informed business decisions in a digital financial world. Our analysts offer unbiased, actionable insights and unearth opportunities that help financial institutions, government entities, payment companies, merchants, and other technology providers. (Twitter: @JavelinStrategy)

Media Contact
Joan Weber
203.625.4354
joan.weber@greenwich.com

Tejas Puranik
925.218.4726
marketing@javelinstrategy.com

Media Contact

Allison Bondi
allison.bondi@javelinstrategy.com
