is*hosting’s Public Vulnerability Disclosure Program: Strengthening Internet Security

Internet security is an issue that is becoming more heated every year, with an increasing risk of cyberattacks. In 2023 alone, businesses faced unprecedented challenges from data breaches, ransomware, and service interruptions. In response to these growing threats, is*hosting is proud to announce the launch of the Vulnerability Disclosure Program (VDP) on the HackerOne platform — a proactive step toward securing our systems and contributing to a safer internet for everyone.

What is the Vulnerability Disclosure Program?

In the early days of the Internet, there were no formal mechanisms for reporting security vulnerabilities. Researchers often reported vulnerabilities directly to the affected vendors, who may or may not have taken action to fix them. This led to several high-profile security incidents, such as the Morris Worm in 1988 and the Code Red Worm in 2001.

In response to these incidents, some organizations began to establish their VDPs. These early programs were often informal and ad hoc, but they were an essential step in improving the security of software and services.

In the mid-2000s, several industry organizations began developing standards for VDPs. These standards helped improve the consistency and effectiveness of VDPs and encouraged more organizations to adopt them. As a result of these efforts, VDPs have become increasingly common in recent years. Today, most major software and service providers have a VDP in place.

Why is the VDP Important?

Hosting providers like is*hosting are critical in the internet ecosystem. All the websites, apps, and projects hosted on our platform need a secure infrastructure to work properly. By launching our public VDP, we're inviting cybersecurity researchers to help us find and fix potential problems, making the hosting environment — and, by extension, the internet — more secure.

According to the Annual Data Breach Report, 2023 saw a 72% increase in data breaches compared to 2021, which held the previous all-time record. Vulnerability disclosure programs are more critical than ever. These programs let companies work with security pros to find and fix security issues before they can be exploited.

How Does is*hosting's VDP Work?

The primary goal of the is*hosting VDP is to encourage responsible reporting of vulnerabilities that could potentially affect the integrity and security of our systems or our customers' data. By fostering a cooperative environment, we aim to strengthen our infrastructure and maintain the trust of our users. Below are the key pillars that outline what our program entails:

Open Collaboration

We invite cybersecurity researchers worldwide to partner with us by submitting reports of potential vulnerabilities they discover in our hosting systems. This initiative is not limited to critical flaws - any report, whether it highlights a minor vulnerability or a significant security hole, is valuable to us. Our approach encourages various experts to contribute, enriching the security process with diverse perspectives and innovative solutions.

Through open collaboration, is*hosting aims to harness the security community's collective intelligence, thereby increasing the scope and effectiveness of our defense strategies. 

Focus on Transparency

Transparency is a core value at is*hosting. Unlike organizations that may choose to hide vulnerabilities or manage them behind closed doors, we believe in a policy of openness. When vulnerabilities are reported through our VDP on the HackerOne platform, we commit to promptly and efficiently addressing them. This proactive stance ensures that potential threats are neutralized and assures customers that their security is prioritized.

Our transparent processes include communicating with researchers about the status of their reports and ensuring that customers are informed of updates that enhance their protection. We strive to build a strong foundation of trust with our clients and researchers by upholding the principle of openness.

A Safer Internet for Everyone

The importance of securing the hosting infrastructure goes beyond the immediate interests of is*hosting or our customers. When vulnerabilities in our platform are found and fixed, the ripple effect is felt throughout the online ecosystem. This contribution helps to mitigate risks that could otherwise cascade into more significant threats affecting many users and businesses.

Our mission with the VDP aligns with a broader vision: to create a safer Internet for everyone. Enhanced hosting security supports more secure web applications, protects user data, and reduces the opportunities for cybercriminals to exploit vulnerabilities. Whether for individual users or large enterprises, a robust hosting environment raises the standard of online security for everyone.

Why Hosting Security Matters for the Internet

Hosting providers are at the heart of the internet. Any vulnerability in a hosting provider's infrastructure can lead to severe consequences.

You only have to look at some of the high-profile security breaches of the past few years — such as the Facebook breach, which exposed the records of 540 million users, or the LinkedIn breach, which affected 700 million users — to understand the critical importance of solid hosting security, including zero-day strategy and other techniques on server security. Vulnerabilities in hosting platforms often serve as gateways for larger attacks, which is why we are committed to continuous security improvements.

The Role of Security Researchers

We understand that no system is perfect. That's why we've opened our platform to the global security community. Only by working together can we achieve real results. This collaboration aligns with our philosophy of proactive security — by identifying potential vulnerabilities early, we can address them before they become major threats.

Participating in the VDP is an opportunity for researchers to make a tangible impact on Internet security, helping protect online services that millions rely on daily. It's not just about identifying problems - it's about working together to create a safer digital world.

Conclusion

Launching is*hosting’s vulnerability disclosure program marks a significant step forward in our commitment to security and transparency. We invite all cybersecurity researchers to participate in this program to secure our services and contribute to the broader goal of a safer internet.

To encourage cybersecurity professionals to report vulnerabilities in our infrastructure responsibly, is*hosting has established a simple process for participating in our vulnerability disclosure program. Before submitting a report, please thoroughly read and understand the VDP rules. We have compiled the necessary information for you on one page.

Ready to get involved? Join is*hosting’s VDP here.