-
Announcing the Security Partner Program Pack v1
Introduction: I have built several security partner programs at companies such as Box Inc. and Coinbase, with over 8 years of experience leading them. I have consistently observed the benefits of a partner-focused model…
-
Announcing the Incident Response Program Pack v1.5
This release is to provide you with everything you need to establish a functioning security incident response program at your company. In this pack, we cover: Definitions: This document introduces sample terminology and roles…
-
Announcing the External Penetration Testing Program Pack v1.1
This release contains everything you need to scope your first pentest, work with a vendor, execute, and get the types of reports you need from an external tester. This will enable you to perform…
-
Minor Updates: Vulnerability Management Program Pack v1.2
See UPDATES for a detailed list of changes since the initial release. In this pack, we cover: Vulnerability Level Definitions: This document outlines vulnerability severity levels to help your company consistently evaluate and prioritize discovered…
-
Available Security Programs: Security Partners (new): The goal of this program pack is to provide you with minimal information to establish a functioning and impactful security partner program. This will enable you to…
-
Using Sectemplates?
I’d love to hear how you’re using it personally, or at your company. Hearing this feedback lets me know what’s working well versus what may need some enhancements. Please fill out the comment form below…
-
Announcing the Security Exceptions program pack 1.0
Introduction: Every company establishes processes to identify security vulnerabilities, prioritize them, develop solutions, and, in some cases, strategically accept risk either temporarily or permanently. Security exceptions are closely tied to vulnerability management and involve…
-
Minor Updates: Vulnerability Management Program Pack v1.1
Made two updates to the vuln management pack: (1) formatting related; (2) copy/paste error in reporting requirements corrected.
GitHub: https://github.com/securitytemplates/sectemplates/tree/main/vulnerability-management/v1
Updates: https://github.com/securitytemplates/sectemplates/blob/main/vulnerability-management/v1/UPDATES.md
Vulnerability Management v1 Announcement: /2024/08/announcing-the-vulnerability-management-program-pack-10.html
-
Minor Updates: Bug Bounty Program Pack v1.1
Made two updates to the bug bounty pack to clarify researcher payouts, and a small disclaimer on not kicking off a bounty as your first security step. GitHub: https://github.com/securitytemplates/sectemplates/tree/main/bug-bounty/v1 Updates: https://github.com/securitytemplates/sectemplates/blob/main/bug-bounty/v1/UPDATES.md Bug Bounty…
-
Announcing the Vulnerability Management program pack 1.0
Introduction: Several times in my enterprise security career I experienced challenges when it came to security defect/vulnerability handling and management. When I joined eBay in 2006, the security team was fairly small and I…