How To Use HackerOne’s Global Vulnerability Policy Map

October 14, 2024 Michael Woolslayer

To help organizations keep up with the shifting landscape of VDP mandates and recommendations, HackerOne has developed the Global Vulnerability Policy Map, an interactive map-based tracker. Users can see at a glance where VDPs are required, recommended, or announced but not yet implemented and click into each jurisdiction for more information.

Global Vulnerability Policy Map


Scrolling down to the table will show the basic information about each applicable policy. We’ve put together a bit of a primer on the table fields below to help users navigate the high-level policy table.

 

Field Definitions

Jurisdiction

The jurisdiction that the requirement or recommendation applies to. This is often a country, but it can also be a regional body like the European Union or international (as is the case for some of the standards).

Region

The geographic region in which the jurisdiction is located.

Requirement

Indicates if a particular entry is a requirement or a recommendation.

Policy

The title of the standard, regulation, or law that contains the VDP requirement or recommendation.

Applies to

Many of the listed requirements and recommendations are applicable to a particular type of organization (e.g., IoT device manufacturers).

Users can expand any entry with a click, which will also show the relevant text and provide a link to the original source material.  

VDP Policy information

 

Stay On Top of Evolving Requirements

We will periodically update the map and table to help keep organizations aware of the vulnerability disclosure landscape as standards, regulations, and laws increasingly incorporate VDPs. 

If you are looking for help to comply with a new requirement, align with a new recommendation, or adopt a cost-effective security best practice, HackerOne Response provides all the tools needed to launch a successful VDP from a single platform. Our out-of-the-box setup makes it easy to establish a vulnerability disclosure workflow for continuous security. Choose the best option to fit your team’s security goals:

  • Essential: Start with a free self-serve VDP solution to follow best practices and help meet compliance mandates.
  • Professional: Elevate vulnerability disclosure with advanced features and reporting for proactive security measures.
  • Enterprise: Ensure enterprise-grade security and compliance with customizable solutions, dedicated support, and extensive integrations.

Contact us to discover which VDP plan is right for your organization and get your VDP started today.

Organizations are solely responsible for determining if HackerOne Response satisfies their applicable legal and regulatory obligations.

Previous Article
Vulnerability Deep Dive: Gaining RCE Through ImageMagick With Frans Rosen
Vulnerability Deep Dive: Gaining RCE Through ImageMagick With Frans Rosen

The file upload vulnerability type is as broad in scope as the number of different file types. These vulner...

Next Article
European Council Adopts Cyber Resilience Act
European Council Adopts Cyber Resilience Act

The CRA will be a game-changing regulation for software and connected product security. The CRA imposes cyb...