Read the original article: 6 tips for receiving and responding to third-party security disclosures
Organizations—especially large companies—often don’t learn about an intrusion or breach of their systems until an external party like a security researcher, law enforcement agency or business partner alerts them to it. The expanding range of attack methods, the growing use of open-source components, and the adoption of cloud services have significantly expanded the attack surface at many organizations and made it harder for security teams to discover breaches on their own. 6 tips for receiving and responding to third-party security disclosures