Among the many best practices for security professionals is to have some form of model for handling inbound vulnerability reporting. That is, if someone is able to find a bug or exploit in product or service, is the company that is vulnerable able to actually respond to a researcher and know what to do with a report. It’s a topic that security industry luminary Katie Moussouris, Chief Policy Officer at HackerOne is well versed in as the author of the Vulnerability Coordination Maturity Model.