Vulnerability Disclosure Policy (VDP)

A VDP is a channel for an organization to receive vulnerability reports from anyone, including cybersecurity researchers, in a clear, structured and secure manner.

- A VDP provides a framework and workflow for organizations to effectively manage these reports.
- VDP is detailed by ISO 29147 and ISO 30111, and actively promoted by regulators and institutions such as NIST, ENISA and OECD.

YesWeHack provides you with a complete solution, customizable to your website/brand, allowing you to build and publish your VDP, including a secure vulnerability reporting form.

A VDP implemented and managed by YesWeHack will:

- Provide a clear framework for response: 1/ improve the quality of submitted reports and 2/ limit "noise", i.e. the number of "irrelevant" submissions.
- Ensure secure exchanges between the researcher and the organization, notably in terms of non-repudiation and especially in terms of confidentiality.
- Facilitate the management of reports internally. In particular, it enables the integration of the reports' data into the organization's internal tools and workflows.
