Vulnerability Disclosure Program (VDP)

Ensure that vulnerabilities fall into the right hands: yours.

What is a Vulnerability Disclosure Program?

A VDP is a structured channel provided by an organization for anyone to report a digital security issue. Simply put, it’s a secure way for people to know where and how to report vulnerabilities to you.

Why VDP?

All systems will always have vulnerabilities. And sometimes they are discovered by well-meaning security researchers. Now, let’s say someone found one in your assets and wants to alert you

Here’s what will happen without a VDP

How do ethical hackers reach you?

Without clear guidelines, your security team’s contact is not easily identifiable.

Some may decide to reach a random department, such as your customer service.

Chances are they won’t understand anything, or that the report will rot forever in their emails without being forwarded to the right folks. Besides, an email isn’t really a safe way to deal with potentially critical vulnerabilities, and you expose yourself to leaks.

Worse, if you don’t respond, they may contact you publicly on social networks or post about the vulnerability on their blog.

That’s called Full Disclosure, and it comes with a PR and security crisis at the same time. Jackpot.

Best case scenario

Security researchers won’t do anything to warn you. Maybe because it’s too complicated, maybe because they’re afraid you’ll sue them. So you won’t know about the vulnerability, until the day it is exploited or sold by someone less well-intentioned.

Do yourself a favor, set up a VDP.

VDP in a nutshell

A VDP is a secure and structured channel to gather vulnerabilities, avoid leaks and reduce digital risks.
Having a VDP protects your brand and image. It’s a public commitment to better security. Build trust with security researchers, partners and customers alike.
Vulnerability Disclosure Program (VDP) Logo
It’s easy. We help you set up your VDP: scope, disclosure requirements, guidelines, legal and Safe Harbor clauses… We can even handle triage so you can focus on what really matters: remediation.
Centralize and manage vulnerabilities on the Yogosha platform, and streamline operations by connecting to your tools.

Set up a VDP with Yogosha.