SET UP YOUR VDP WITH YESWEHACK

/ YesWeHack guides each customer in specifying their Vulnerability Disclosure Policy (VDP), with models based on best practices: disclosure requirements & guidelines, legal protection (“safe harbor”) etc.

/ If a Vulnerability Disclosure Policy (VDP) has already been drawn up by the client, YesWehack reviews it and make recommendations.

/ The researcher is invited to provide information on the vulnerability through a secure online form.
This may include: name & scope of the vulnerability, CVSS score and impact, description, exploitation, PoC, risk, remediation, etc.

/ This set-up reduces « noise » (irrelevant submissions) and improves reporting quality.

Other providers publish both VDP and Bug Bounty programs on the same platforms without making a clear enough distinction between the two approaches:

/ This can be confusing for researchers who would expect a reward for their efforts.

/ This confusion leads to the inflation of reports submitted to the organisation.

With YesWeHack, the client’s VDP is published on his domain and nowhere on our platform.

/ Our platform ensures end-to-end encryption of reports.

/ Our platform ensures the traceability of reports by anchoring the proof of deposit within a dedicated private blockchain.