CompTIA CySA+ CS0-003 Practice Question
You are managing a bug bounty program for a financial services institution. A researcher submits a report detailing a vulnerability that allows unauthorized access to customer accounts by exploiting an insecure API endpoint. What is the first recommended action you should take in handling this report?
Inform the researcher that you will get back to them after further assessment.
Validate the vulnerability to confirm if it is legitimate.
Publicly disclose the issue to alert customers.
Reward the researcher for identifying the vulnerability.