SET UP YOUR VDP WITH YESWEHACK

A Vulnerability Disclosure Policy brings greater security and value to your organisation.

Here's how we can help you make it a reality:

01.
We help you compose your VDP content
01.
We help you compose your VDP content

/ YesWeHack guides each customer in specifying their Vulnerability Disclosure Policy (VDP), with models based on best practices: disclosure requirements & guidelines, legal protection (“safe harbor”) etc.

/ If a VDP has already been drawn up by the client, YesWehack reviews it and make recommendations.

02.
We provide you with a secure and own-brandable vulnerability report page
02.
We provide you with a secure and own-brandable vulnerability report page

/ The researcher is invited to provide information on the vulnerability through a secure online form.
This may include: name & scope of the vulnerability, CVSS score and impact, description, exploitation, PoC, risk, remediation etc.

/ This set-up reduces « noise » (irrelevant submissions) and improves reporting quality.

03.
Your VDP does not appear on YesWeHack platform
03.
Your VDP does not appear on YesWeHack platform

Other providers publish both VDP and Bug Bounty programs on the same platforms without making a clear enough distinction between the two approaches:

/ This can be confusing for researchers who would expect a reward for their efforts.

/ This confusion leads to the inflation of reports submitted to the organisation.

With YesWeHack, the client’s VDP is published on his domain and nowhere on our platform.

04.
You are in control of the information received through your VDP
04.
You are in control of the information received through your VDP

/ Our platform ensures end-to-end encryption of reports.

/ Our platform ensures the traceability of reports by anchoring the proof of deposit within a dedicated private blockchain.

 

05.
We automate report integration
05.
We automate report integration

/ Reports available on YesWeHack vulnerability management platform interface.

/ Seamless integration of the reports within Clients tools/workflows through YesWeHack API & connectors.

Optionally: reports triage (including interactions with researchers) by YesWeHack dedicated team

Ready?

To build your VDP with YesWeHack, please get in touch:
Close