By Intigriti
January 22, 2024
Before collaborating with Intigriti, Bühler faced a common yet complex challenge: enhancing the effectiveness of their Vulnerability Disclosure Program (VDP). Having already been established for two years, the program was struggling under the weight of inefficiency and was largely overrun with low-quality reports.
Bühler’s partnership with Intigriti, a global leader in crowdsourced cybersecurity testing, marked a real turning point for the brand. The collaboration showcased a proactive approach to navigating the complexities of managing a VDP, and marked the beginning of a new, more strategic era in Bühler’s cybersecurity initiatives.
The essence of Bühler’s challenge lay in the sheer volume of reports generated by their VDP, many of which either lacked relevance or were simply motivated by rewards rather than security concerns.
The influx of reports resulted in an administrative overload, with the team frequently battling disputes over the scope and criticality of findings. Adding to the complexity was the legal and logistical challenge of compensating all the contributors, a process which tends to be fraught with regulatory nuances.
Intigriti’s support so far has been multifaceted, addressing both the qualitative and administrative challenges around the VDP. With a robust triaging process, Intigriti ensures that all submissions not only align with Bühler’s defined scope, but also meet a quality threshold. This simple action filters out all irrelevant reports and serves up only the most important information. Intigriti has also streamlined the entire compensation process, alleviating Bühler’s legal and administrative burdens by managing payouts and necessary identity checks.
By tapping into Intigriti’s network of expert researchers, Bühler has embraced the concept of collective intelligence, harnessing the skills of a much broader community to enhance its cybersecurity measures.
As expected, the changes to the VDP following Intigriti’s collaboration have been met with prompt and significant engagement from the cybersecurity community. This immediate response, with valuable findings reported within the first day, highlighted the effectiveness of the initiative.
Internally, the project was received positively, reflecting a strong organizational commitment to cybersecurity. The onboarding process, facilitated by Intigriti, was smooth and well-structured, setting a solid foundation for this ongoing partnership.
Bühler’s primary goal with their VDP was to fortify the security of their public-facing assets, recognizing that these are often the first point of interaction with customers. So far, so good!
Building on the success of the revamped VDP, Bühler is now planning to launch a private bug bounty program, initially focusing on two key web applications. The long-term strategy involves expanding this program to include more assets, then eventually transitioning to a public bug bounty program. This phased approach reflects a thoughtful and strategic method of building on and scaling up their cybersecurity efforts.
Explore Bühler’s program here.