Vulnerability Disclosure Program (VDP)
How do you know if you're actually ready to start a vulnerability disclosure program?
Our assessment section will help you determine if you have everything you need to get started and help you identify and address missing pieces.
Get started
It is important to assess your current development team, processes, and bandwidth to ensure your company has the proper infrastructure in place to launch a successful vulnerability disclosure program (VDP). Our assessment guide outlines some of the most important aspects to consider before planning to launch a VDP.
Stakeholder buy-in
You can be technically prepared for starting a VDP, but you still need organizational buy-in for your program to be successful. The following sections address how to achieve buy-in from various key stakeholders necessary to start and run your VDP.
Creating Your VDP
We’ve covered assessment and preparation of security best practices to prepare for running a VDP, as well as achieving organizational buy-in on the idea. Now, we’ll discuss how to create and set up your VDP, including defining your program policy, and ensuring you have the resources and processes necessary to launch and run your program.
Launching Your VDP
You’ve done a lot of work up to this point to identify and address gaps in your security program, get buy-in from your organization, allocate resources to help you run your program, build a program policy, and define a means of receiving vulnerability reports. It’s time to launch your VDP.
Play Academy
Need more help? Check out the Play Academy's interactive course. The online course supplements this content with interactive quizzes, projects, and videos.