New Vulnerability Disclosure Programme

13th September 2021

Protecting Nominet’s registry services from attack is key to maintaining the high standard of service people expect – the newly adopted Vulnerability Disclosure Programme will help us achieve that. We are using an experienced third-party platform, HackerOne, with clear guidelines that will make it easy for security researchers to report vulnerabilities to us. The HackerOne service enables swift triage of any findings which will get escalated to Nominet for action. Researchers will get rewarded in status points on the platform for submitting valid vulnerability reports which will raise their profile and reputation.

CISO Cath Goulding says: “Security is critical at Nominet, so we always welcome information and reports from security researchers about any vulnerabilities in our systems and services. It will now be simpler and more consistent to do this using our new Vulnerability Disclosure Programme and related process. It’s intuitive and accessible, and it suits the way most security researchers make their disclosures, but makes sure reporting is done responsibly to avoid the risk of the information falling into the wrong hands.”