A Vulnerability Disclosure Policy (VDP) is the first step in helping protect your company from an attack or from the premature public release of a vulnerability. It's a best practice and a regulatory expectation. It gives hackers and security researchers clear guidelines for reporting security vulnerabilities to the person or team responsible for handling them. The HackerOne platform has revolutionized VDPs, making it easy to work directly with trusted hackers to resolve critical security vulnerabilities.
HackerOne pioneered responsible disclosure. Our VDP structure is based on the recommended practice outlined in the Cybersecurity Framework by the National Institute of Standards and Technology (NIST). Since 2012, HackerOne has partnered with thousands of organizations to unlock the security value of the global hacking community. Now, HackerOne has become the first hacker-powered security vendor to receive FedRAMP authorization.
The Power of Policy
Vulnerability disclosure policies direct energy and attention into improving the safety and security of systems and software for the overall population. An effective VDP ensures:
- Hacker-powered testing conforms to your organization’s needs
- Submissions arrive in a consistent format through an approved channel
- Vulnerability reports integrate with existing workflows
Adhere to Best Practices
Security forerunners like the US Department of Defense have used hacker-powered programs for years to safely identify vulnerabilities. Through their partnership with HackerOne, a VDP has become a best practice for these organizations, guiding the way they work with (and accept submissions from) ethical hackers.