Smart Pension, one of the fastest-growing financial technology companies in the UK, is launching its Vulnerability Disclosure Program (VDP). Ever since Smart Pension’s launch in 2014, they’ve been committed to improving lives for employers and savers in the UK. Founded by Andrew Evans and Will Wynne, they brought together their financial and technological expertise with the original aim of making pension auto-enrolment simple.
The Past Challenges
Smart Pension determined they could improve their security processes by complementing traditional penetration tests with a VDP on the Intigriti platform. Traditional penetration testing typically involves a limited number of experts examining a site within a restricted timeframe. With a bug bounty platform, the vulnerability disclosure process is managed by an objective third party, such as Intigriti. This not only helps streamline the entire process but also taps into an already engaged community of ethical hackers who have experience in submitting reports.
Engaging a global pool of ethical hackers
Recognizing the need for expertise beyond the confines of traditional penetration testing, Smart Pension sought to engage with a larger community of ethical hackers. Intigriti’s platform offered access to a vast pool of verified security specialists eager to test their systems. The goal was to tap into a diverse set of skills, ensuring a thorough examination of Smart Pension’s security posture.
Objectives of the VDP
Smart Pension’s goal is clear: maintaining a robust set of security standards. A key objective of their newly launched VDP is to seek the help of the security researcher community to achieve this goal. By ensuring the security of their platform, they aim to reinforce their users’ trust, ensuring they continue to rely on Smart Pension for their pension needs.
Future plans: Bug bounty and beyond
As Smart Pension embarks on this transformative journey, plans for the future include the launch of bug bounty programs. The initial step, marked by the VDP, serves as a precursor, allowing them to familiarize themselves with the nuances of continuous testing and crowdsourced security before expanding further. Smart Pension envisions a hybrid approach, combining the strengths of both VDP and bug bounty models, embracing continuous testing, dynamic and adjustable test coverage, and the creative skills of ethical hackers.
At Intigriti, we advocate for a forward-looking strategy that prioritizes comprehensive security through collaboration with security researchers, a vision shared by Smart Pension. The concept of inviting ethical hackers to test systems might sound unconventional, but it proves to be the most effective method for proactive safeguarding. This approach equips businesses with the confidence and robust defense mechanisms they need to thrive in today’s ever-changing digital landscape.
Read more on Smart Pension’s VDP here.
Please note, this program is visible only to ID-checked researchers.