Recommended by industry and government leaders, VDPs are table stakes in the effort to increase application and data security.
Bug bounty programs may capture the majority of headlines in hacker-powered security today, but organizations must first open a channel for ethical hackers to alert them to potential vulnerabilities. It’s called a vulnerability disclosure policy (VDP), and it’s promoted extensively by voices as diverse as the U.S. Department of Justice, the European Commission, and General Motors.
Why are these organizations so adamant about VDPs? Because they work and they protect assets. For example, the Department of Defense alone has received over 5,000 valid vulnerabilities through its VDP. That’s thousands of potentially exploitable vulnerabilities that would have gone unfixed had they not been reported. It’s no wonder they want everyone else to have one, too.
Download the guide to learn what a vulnerability disclosure policy is and how you can launch your own.