To help organizations keep up with the shifting landscape of VDP mandates and recommendations, HackerOne has developed the Global Vulnerability Policy Map, an interactive map-based tracker. Users can see at a glance where VDPs are required, recommended, or announced but not yet implemented and click into each jurisdiction for more information.
Scrolling down to the table will show the basic information about each applicable policy. We’ve put together a bit of a primer on the table fields below to help users navigate the high-level policy table.
Field Definitions
Jurisdiction | The jurisdiction that the requirement or recommendation applies to. This is often a country, but it can also be a regional body like the European Union or international (as is the case for some of the standards). |
Region | The geographic region in which the jurisdiction is located. |
Requirement | Indicates if a particular entry is a requirement or a recommendation. |
Policy | The title of the standard, regulation, or law that contains the VDP requirement or recommendation. |
Applies to | Many of the listed requirements and recommendations are applicable to a particular type of organization (e.g., IoT device manufacturers). |
Users can expand any entry with a click, which will also show the relevant text and provide a link to the original source material.
Stay On Top of Evolving Requirements
We will periodically update the map and table to help keep organizations aware of the vulnerability disclosure landscape as standards, regulations, and laws increasingly incorporate VDPs.
If you are looking for help to comply with a new requirement, align with a new recommendation, or adopt a cost-effective security best practice, HackerOne Response provides all the tools needed to launch a successful VDP from a single platform. Our out-of-the-box setup makes it easy to establish a vulnerability disclosure workflow for continuous security. Choose the best option to fit your team’s security goals:
- Essential: Start with a free self-serve VDP solution to follow best practices and help meet compliance mandates.
- Professional: Elevate vulnerability disclosure with advanced features and reporting for proactive security measures.
- Enterprise: Ensure enterprise-grade security and compliance with customizable solutions, dedicated support, and extensive integrations.
Contact us to discover which VDP plan is right for your organization and get your VDP started today.
Organizations are solely responsible for determining if HackerOne Response satisfies their applicable legal and regulatory obligations.