Bug bounty platform urges need for firms to have vulnerability disclosure policy

Organisations should have a vulnerability disclosure policy to provide a proper channel for anyone to report security holes in their systems, says YesWeHack's Asia-Pacific head, who advocates this as more important than running bug bounty programmes.