Vulnerability Disclosure Policy (VDP)

Join us and be hackproof!


Benefits of the VDP

  • Anyone who finds a vulnerability on your website can report it by following the described process.

  • It provides a legal backdrop for ethical hackers to alert the company to the vulnerabilities they find.

  • Defines precise rules and procedures that optimize efficiency.

  • Helps to share vulnerabilities across EU members and CSIRTs.

The Vulnerability Disclosure Policy (or VDP) is an essential requirement for reaching NIS2 Directive compliance. This document describes the detailed process for reporting and managing security vulnerabilities.

Then choose

  • If your company has to reach NIS2 compliance and you do not currently have such a policy in place, and the security of your company’s services is important to you.

  • If you need the help of experienced security professionals who will prepare the document for you and, if necessary, operate the process for you.

  • If you’ve received such reports or e-mails but didn’t know how to handle them.

The VDP helps to manage vulnerabilities securely and transparently and to improve the security culture by encouraging external parties to find vulnerabilities.

As part of our service, in addition to helping you prepare the document, we can fully manage the process so that no additional resources are required to validate reports and communicate with the researcher.

In the spirit of compliance

Cybersecurity is an ever-changing field that has received a lot of attention recently. This is demonstrated by emerging legislation, directives, and updated standards. These include requirements for the preparation and publication of VDPs and regular vulnerability testing.

One example is the European Union’s NIS2 Directive, which requires critical organizations to have a Vulnerability Disclosure Policy. The revised edition of ISO/IEC 27001 also reflects the importance of vulnerability management.

How it works

  • Creation

    We help you create a VDP with international professional recommendations, including a description of the necessary processes, rules, and legal framework for handling vulnerability reports.

  • Publication

    We publish the completed document on the company's website and provide a reporting platform for submitting vulnerabilities as part of the managed service.

  • Validation

    Reports received through our platform are verified so that only valid, correct reports are forwarded to our customers.

  • Correction

    Based on the report, the vulnerability is investigated and remediated, with our colleagues providing professional advice to our customers.

  • Close

    We will close the process for a report according to the procedures set out in the VDP. If necessary, we will keep in contact with the researcher and handle the payment of any rewards.