Vulnerability Disclosure Policy (VDP)
A VDP is a channel for an organization to receive vulnerability reports from anyone, including cybersecurity researchers, in a clear, structured and secure manner.
- A VDP provides a framework and workflow for organizations to effectively manage these reports.
- VDP is detailed by ISO 29147 and ISO 30111, and actively promoted by regulators and institutions such as NIST, ENISA and the OECD.
YesWeHack provides you with a complete solution, customizable to your website/brand, allowing you to build and publish your VDP, including a secure vulnerability reporting form.
A VDP implemented and managed by YesWeHack will:
- Provide a clear framework for response, which 1/ improves the quality of submitted reports and 2/ limits "noise", i.e. the number of "irrelevant" submissions.
- Ensure secure exchanges between the researcher and the organization – notably in terms of non-repudiation and especially in terms of confidentiality.
- Facilitate the management of reports internally – in particular, it enables the integration of the reports' data into the organization's internal tools and workflows.