# O4.7 Invite security audits by third parties

{% tabs %}
{% tab title="Principle" %}
[O4 Assure data security by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o4-assure-data-security-by-design)
{% endtab %}

{% tab title="Risk" %}
[RS2 Digital insecurity](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety)

[SV4 Technical shortcomings](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-structural-vulnerabilities)
{% endtab %}

{% tab title="Life Cycle Stage" %}
[L5 - Operations and Maintenance](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/responsible-authorities/r3-donor/l5-operations-and-maintenance)
{% endtab %}
{% endtabs %}

## Practice

* Conduct regular security audits, red teaming exercises, and bug bounty programmes to ensure the continued robustness and security of underlying frameworks.
* Set clear objectives, engage skilled ethical hackers, and simulate real-world attacks to test defenses, then hold a thorough debrief to improve security measures.
* Define the scope of eligible systems, select a platform or create an internal submission system, establish a tiered reward structure for vulnerabilities, and implement a triage process to review and address findings.
* Continuously monitor and adapt these practices based on feedback and emerging threats.

## Resources

<table data-view="cards"><thead><tr><th></th><th></th><th></th></tr></thead><tbody><tr><td><mark style="color:yellow;"><strong>References</strong></mark></td><td><a href="https://openfuture.eu/wp-content/uploads/2022/12/TowardsPublicDigitalInfrastructure_v0.2.pdf">TOWARDS PUBLIC DIGITAL INFRASTRUCTURE: A PROPOSED GOVERNANCE MODEL</a></td><td></td></tr></tbody></table>
