Vulnerability Disclosure Program and Organizational Security Culture: Aligning Incentives for Proactive Threat Management in India

Vulnerability Disclosure Programs (VDPs) are essential for strengthening cybersecurity in the digital era, offering organizations a proactive approach to identify and mitigate security flaws. In India, the adoption of VDPs has gained momentum, driven by the rapid digitization of public and private sectors, increased cyberattacks, and a growing pool of ethical hackers. However, implementing VDPs in India presents unique challenges. These include limited awareness among organizations, a fragmented legal and regulatory framework, concerns around liability and researcher protection, and inadequate incentives for ethical hackers. Additionally, cultural hesitance to disclose vulnerabilities, coupled with the lack of a coordinated strategy, hampers the effectiveness of such programs. This paper examines the state of VDPs in India, analyzing their adoption, operational challenges, and the socio-technical barriers faced by organizations and researchers. It also highlights case studies, regulatory gaps, and recommendations for creating a cohesive framework that fosters collaboration, legal clarity, and scalability to strengthen India’s cybersecurity landscape.