Every organization, though sharing an industry, carries its own unique identity shaped by its vision, mission, and core values. This individuality is further defined by industry nuances and distinct assets that they use to run their organizations or businesses.
Secuna, powered by its community-powered platform, extends its commitment beyond securing your business. We value your distinctiveness and prioritize your specific security needs.
This is embodied in one of our products, Secuna Response (Vulnerability Disclosure Program), a security program designed to cater to your organization’s unique objectives. Here, you wield the power to customize your security program to employ the expertise of our experienced hunters in our community in securing your assets while keeping everything aligned precisely with your organization’s security requisites.
What is SECUNA RESPONSE?
Secuna Response stands as a steadfast security initiative, showcasing your unwavering commitment to cybersecurity. This program engages a community of trusted cybersecurity professionals (hunters) who responsibly report vulnerabilities in your digital assets. This welcomes a “See Something, Say Something” process that helps ensure that potential security vulnerability reports end up with your team for you to properly and swiftly respond to before threat actors exploit them.
To know more about how Secuna Response works, read here.
Fine-Tune Your Secuna Response Program to Perfection
Starting your own Secuna Response program is just a few clicks away. Simply select the plan (Basic, Standard, Enterprise) that aligns with your organizational needs and proceed with the payment for the chosen subscription. Our Basic plan is complimentary, yet requires the submission of supporting documents for verification and approval before you can st2art setting up your program.
Once you are all set, you will be guided to customize your program according to your specific requirements. Here are the essential steps to tailor your program:
- Program Information: Provide essential details to present your security program in the best light.
- Program Name
Create an engaging and memorable program name that intrigues hunters, encouraging them to explore your program further. Consider using your organization’s brand or product name for a simple yet effective choice. - Program Description
Provide a concise description of your organization’s brand or product, providing insight into what your platform offers. Capture the hunters’ passion to help by effectively communicating your vision with them. - Program Visibility
Select the program visibility that aligns with your organization’s comfort level to determine who can view and participate in your program, ensuring a suitable fit for your security measures.
Public Visibility - everyone can view non-sensitive information of your program but only registered and logged in hunters can participate in your program.
Protected Visibility - all registered and logged in hunters can view non-sensitive information of your program but only verified hunters can participate in your program.
Private Visibility - only invited verified hunters can view and participate in your program.
Here is a good example of what you can put in your program information:
- Program Name: Secuna
- Program Description: Secuna is a community-powered SaaS platform that helps protect organizations by allowing researchers to submit quality vulnerability reports.
- Program Visibility: Protected
2. Program Policy: Craft a distinct disclosure policy, outlining guidelines for participating hunters.
Here is a template that follows industry-standard ISO/IEC 29147 and disclose.io that you can use as reference.
3. Assets: Define in-scope (the list of assets you want our hunters to test) and out-of-scope (list of assets that’s not included in the program scope) assets to guide hunters in their testing efforts, with limits based on your subscribed plan.
Here you will provide the type of asset/s (e.g. Custom Web App, iOS Mobile App, Cloud, etc.) you want our hunters to test, their description, and their identifiers (URL, App ID, IP Address).
4. Program Members: Add key team members from your organization to oversee program management, with limited seats based on your subscribed plan.
To add a team member from your organization to the program, simply choose a role and supply their email address.
5. Hunter Invitation (For Private Programs): Handpick specific hunters for exclusive participation through personalized invitations.
To help you choose the most suitable hunters for your program, you can view their profile to see their ranking, skills, certifications, total points, resolved reports, thanks received, and total bounties received.
6. Schedule: Plan the launch of your program strategically by scheduling its start date effectively. Opt for an immediate launch post-setup or set a specific date for a scheduled launch in the future.
7. Launch: Complete the program setup process and wait for your program to launch!
Once your program becomes active, you'll seamlessly transition to your program dashboard, providing a comprehensive overview of your program. Now, all you have to do is to wait for reports from our hunters to come in, and promptly address any identified issues. Additionally, the platform provides the option for you to pause the program while maintaining your subscription, allowing you to temporarily halt the submission of new reports as you address the other existing reports first. You can resume your program at any time right after.
Secuna Response values more than just your security initiative, it extends to the principles of your organization and what it upholds. With Secuna Response’s customization functionality, from choosing plans to crafting program details before activation, you now have more capability in fortifying your digital assets according to your business objectives while ensuring a safer cyber-environment.
Are you excited to align your objectives with our program? Connect with us now!