CompTIA Security+ SY0-701 Practice Question
Your organization has just received a report from an independent security researcher, who claims to have discovered a vulnerability in one of your web applications. The researcher has provided detailed steps to reproduce the issue. What is the most appropriate initial response to this situation that aligns with responsible disclosure practices?
Ignore the report as it has not been verified by your internal security team yet.
Publicly thank the researcher on social media platforms to proactively manage public relations.
Acknowledge receipt of the report and assure the researcher that their findings are being investigated.
Immediately offer a reward to the researcher for finding the vulnerability.