Ensure that vulnerabilities fall into the right hands: yours.
Vulnerability Disclosure Program (VDP)
What is a Vulnerability Disclosure Program?
A VDP is a structured channel provided by an organization for anyone to report a digital security issue. Simply put, it’s a secure way for people to know where and how to report vulnerabilities to you.
Why VDP?
All systems will always have vulnerabilities, and sometimes they are discovered by well-meaning security researchers. Now, let’s say someone found one in your assets and wants to alert you.
How do ethical hackers reach you?
Without clear guidelines, your security team’s contact is not easily identifiable.
Some may decide to reach a random department, such as your customer service.
Chances are they won’t understand the report, or that it will sit forever in their inbox without being forwarded to the right people. Besides, email isn’t a safe way to handle potentially critical vulnerability details, and you expose yourself to leaks.
Worse, if you don’t respond, they may contact you publicly on social networks or post about the vulnerability on their blog.
That’s called Full Disclosure, and it comes with a PR and security crisis at the same time. Jackpot.
Best case scenario
Security researchers won’t do anything to warn you. Maybe because it’s too complicated, maybe because they’re afraid you’ll sue them. So you won’t know about the vulnerability, until the day it is exploited or sold by someone less well-intentioned.
Do yourself a favor, set up a VDP.
VDP in a nutshell