CompTIA CySA+ CS0-003 Practice Question
You are managing a bug bounty program for a financial services institution. A researcher submits a report detailing a vulnerability that allows unauthorized access to customer accounts by exploiting an insecure API endpoint. What is the first recommended action you should take in handling this report?
Publicly disclose the issue to alert customers.
Inform the researcher that you will get back to them after further assessment.
Validate the vulnerability to confirm if it is legitimate.
Reward the researcher for identifying the vulnerability.