Michael Woolslayer
Policy Counsel

How To Use HackerOne’s Global Vulnerability Policy Map

Global Vulnerability Policy Map

Thousands of organizations have already adopted vulnerability disclosure programs (VDPs) because they work. They are a proven and fundamental best practice that reduces cybersecurity risk. Governments and standards bodies have globally recognized the importance of this best practice, but it’s hard to keep track of these continually evolving requirements.

To help organizations keep up with the shifting landscape of VDP mandates and recommendations, HackerOne has developed the Global Vulnerability Policy Map, an interactive map-based tracker. Users can see at a glance where VDPs are required, recommended, or announced but not yet implemented and click into each jurisdiction for more information.

Global Vulnerability Policy Map


Scrolling down to the table will show the basic information about each applicable policy. We’ve put together a bit of a primer on the table fields below to help users navigate the high-level policy table.

 

Field Definitions

Jurisdiction

The jurisdiction that the requirement or recommendation applies to. This is often a country, but it can also be a regional body like the European Union or international (as is the case for some of the standards).

Region

The geographic region in which the jurisdiction is located.

Requirement

Indicates if a particular entry is a requirement or a recommendation.

Policy

The title of the standard, regulation, or law that contains the VDP requirement or recommendation.

Applies to

Many of the listed requirements and recommendations are applicable to a particular type of organization (e.g., IoT device manufacturers).

Users can expand any entry with a click, which will also show the relevant text and provide a link to the original source material.  

VDP Policy information

 

Stay On Top of Evolving Requirements

We will periodically update the map and table to help keep organizations aware of the vulnerability disclosure landscape as standards, regulations, and laws increasingly incorporate VDPs. 

If you are looking for help to comply with a new requirement, align with a new recommendation, or adopt a cost-effective security best practice, HackerOne Response provides all the tools needed to launch a successful VDP from a single platform. Our out-of-the-box setup makes it easy to establish a vulnerability disclosure workflow for continuous security. Choose the best option to fit your team’s security goals:

  • Essential: Start with a free self-serve VDP solution to follow best practices and help meet compliance mandates.
  • Professional: Elevate vulnerability disclosure with advanced features and reporting for proactive security measures.
  • Enterprise: Ensure enterprise-grade security and compliance with customizable solutions, dedicated support, and extensive integrations.

Contact us to discover which VDP plan is right for your organization and get your VDP started today.

Organizations are solely responsible for determining if HackerOne Response satisfies their applicable legal and regulatory obligations.

The 8th Annual Hacker-Powered Security Report

HPSR blog ad image