Don’t hate the hacker - hate the vulnerability!

�鶹��ý

Issues [1]
At �鶹��ý, our work spans across five issue areas—each essential to building a nation and a world where everyone can thrive.
Education & Work

Education & Work

Democratic Futures

Democratic Futures

Global Security

Global Security

Technology & Democracy

Technology & Democracy

Thriving Families

Thriving Families
Latest [2]
Trending Topics

Democracy

National Security

Artificial Intelligence (AI)

Immigration & Global Migration

See The Latest
Real Skills, Real Income: Why Youth Apprenticeship Is Resonating Now

Real Skills, Real Income: Why Youth Apprenticeship Is Resonating Now

Future-Proofing U.S. Nuclear Policy: Forecasting Outcomes of the Nuclear-Armed Sea-Launched Cruise Missile

Future-Proofing U.S. Nuclear Policy: Forecasting Outcomes of the Nuclear-Armed Sea-Launched Cruise Missile

Debunking Myths on Student Parent Data Collection

Debunking Myths on Student Parent Data Collection

The App Store Accountability Act Poses Serious Concerns for Privacy, Security, and Free Expression

The App Store Accountability Act Poses Serious Concerns for Privacy, Security, and Free Expression
Impact [3]

For over 25 years, �鶹��ý’s insights and policy solutions have helped usher in sweeping, long-term change. Discover how we have turned bold ideas into real-world impact.

See Our Impact

Redrawing School Boundaries for Fairer Funding

Redrawing School Boundaries for Fairer Funding

Reframing Fusion Voting as a Practical, Powerful Reform Strategy

Reframing Fusion Voting as a Practical, Powerful Reform Strategy

Harnessing Terrorism Data to Reshape U.S. National Security Policy

Harnessing Terrorism Data to Reshape U.S. National Security Policy

Establishing a National Housing Loss Rate

Establishing a National Housing Loss Rate
Fellows [4]
For more than 25 years, �鶹��ý has supported hundreds of fellows as they pursue ambitious work. Through our flagship Fellows Program and specialized fellowships, we back ideas rooted in depth, rigor, and lasting relevance.

See All Fellowships
�鶹��ý Fellows

The �鶹��ý Fellows Program supports thinkers, creators, and storytellers whose work shapes public conversation on the defining issues of our time.
Us@250 Fellowship

Learning Sciences Exchange (LSX) Fellowship

Future Security Fellowships
Events [5]

�鶹��ý hosts various in-person, virtual, and hybrid events. Join the conversation.

See Our Events

Apr 21, 2026
The Fifth Pillar: Where Higher Ed Goes from Here

The Fifth Pillar: Where Higher Ed Goes from Here

Apr 22, 2026
Screen People

Screen People

Apr 23, 2026
A New Fellowship to Foster Journalism Around Education, Economic Development, and the Future of Work

A New Fellowship to Foster Journalism Around Education, Economic Development, and the Future of Work

Apr 27, 2026
How Did Philadelphia Become a World Cup City?

How Did Philadelphia Become a World Cup City?
�鶹��ý [6]
Generating big ideas and bold solutions for a new America.

Learn �鶹��ý Us
�鶹��ý Us

Who We Are

Leadership

Programs, Projects, and Initiatives

Careers

Funding

Press
Search
Subscribe
Donate

In Short

Don’t hate the hacker – hate the vulnerability!

Organizations need to be ready to receive and act on reports of security problems, not ignore them

Sep 22, 2015

Katie Moussouris

View as PDF

Today, HackerOne (where I am the Chief Policy Officer) released the , which is designed to help organizations improve the way they respond to reports about security holes in their software or services. It was created as a benchmarking tool for organizations to , and build a roadmap to improve their vulnerability coordination with both security researchers as well as other partners and stakeholders.

The maturity model is organized around five capability areas that determine an organization’s maturity level with respect to vulnerability coordination, such as whether the company is organizationally set up to receive reports by having either a “security@company.com” email address or a form, and how it handles vulnerability reports from there.

The Vulnerability Coordination Maturity Model describes several key activities in each capability area that range from basic to advanced to expert. The greater the investment in any particular area, the greater the potential ability to use the information about software bugs to help make current and future software more secure proactively.

No software is immune to bugs. For most organizations it’s not a matter of if they’ll have an external party reporting security vulnerabilities, but when. Being able to properly handle vulnerability reports means organizations will find and fix issues faster.

More �鶹��ý the Authors

Katie Moussouris

�鶹������ý

Education & Work

Democratic Futures

Global Security

Technology & Democracy

Thriving Families

Real Skills, Real Income: Why Youth Apprenticeship Is Resonating Now

Future-Proofing U.S. Nuclear Policy: Forecasting Outcomes of the Nuclear-Armed Sea-Launched Cruise Missile

Debunking Myths on Student Parent Data Collection

The App Store Accountability Act Poses Serious Concerns for Privacy, Security, and Free Expression

Redrawing School Boundaries for Fairer Funding

Reframing Fusion Voting as a Practical, Powerful Reform Strategy

Harnessing Terrorism Data to Reshape U.S. National Security Policy

Establishing a National Housing Loss Rate

�鶹������ý Fellows

The Fifth Pillar: Where Higher Ed Goes from Here

Screen People

A New Fellowship to Foster Journalism Around Education, Economic Development, and the Future of Work

How Did Philadelphia Become a World Cup City?

More �鶹������ý the Authors

Katie Moussouris

Issues

Programs/Projects/Initiatives

Topics

Related

Visit digichina.stanford.edu for new and updated DigiChina publications

How will China’s privacy law apply to the Chinese state?

Personal Data, Global Effects: China’s Draft Privacy Law in the International Context

China’s AI Efforts Suggest Tactics in New ‘Self-Reliance’ Push

Don’t hate the hacker – hate the vulnerability!

�鶹��ý

�鶹��ý Fellows

More �鶹��ý the Authors