Vulnerability Disclosure Program

A vulnerability disclosure program, or VDP, helps organizations receive and manage security reports from external researchers without necessarily offering rewards. It defines how vulnerabilities should be reported, what systems are in scope, how communication will happen, and what legal protections may apply. For enterprises, a VDP improves responsible disclosure, reduces unstructured reporting risk, supports compliance expectations, and builds trust with the security research community.