Intigriti's Vulnerability Disclosure Program

Managed Vulnerability Disclosure Program (VDP)

The smarter VDP

An unmanaged VDP can quickly overwhelm your team with low-quality reports and false positives. Intigriti’s Managed VDP provides the safe harbor researchers need, plus the expert triage you want. We provide fully validated vulnerabilities, enabling your team to act fast and focus on patching, not sifting through the noise.

The clear solution for vulnerability management

Build customer trust, stay ahead of rising compliance requirements and get access to powerful features with Intigriti's managed Vulnerability Disclosure Program, including:

  • Capture vulnerability submissions in one place. 

  • Manage vulnerability disclosures with templates and automated workflows.

  • Analytics to continuously improve your organisation's security posture.

Key benefits at a glance

Uncover threats

Allow submissions from security researchers.

Be compliant

Develop audit procedures while complying with ever-changing regulations. 

A single truth

Manage all your vulnerability disclosures in one place. 

How does Intigriti VDP work?

Intigriti’s Vulnerability Disclosure Program delivers impactful results.

Create a policy on your website

Getting started with Intigriti VDP is easy. Either add a link on your website or in your security.txt file.

Record everything in one place

If a security researcher finds a vulnerability, they can quickly log a report. This will send the security researcher to a program page outlining the legal framework and submission procedure.

Validate, triage and prioritize

Once the submission is in, you can prioritize it, with the platform giving your team full visibility throughout the process.

Analyze and improve

Intigriti's dashboards make reporting and benchmarking your responses easy, enabling you to spot patterns and trends over time.

The pathway to meeting your organisation’s compliance needs

Our solution can simplify compliance processes required for ISO/IEC 27001, PCI DSS, NIST, and GDPR by providing a streamlined platform for you to receive and respond to security vulnerability reports safely and effectively.

By integrating our solution into your business operations, you’re not just ticking off a compliance box but also fortifying your organization's security posture, thereby enhancing your reputation and earning the trust of stakeholders.

With Intigriti VDP, compliance becomes less about adherence to regulations and more about boosting your business's credibility and resilience.

Our bug bounty is an important way of scaling our security program while the company grows. With so many companies in our organization, gathering information about all the assets, products, and infrastructure on our attack surface can be challenging.

Ioana Piroska

Bug Bounty Program Manager

Visma

Looking for something more comprehensive?

Learn more about live hacking events and discover the full range of Intigriti’s solutions:

The Ethical Hacker Insights Report 2024

Our annual survey of our hacking community, giving a key overview into the who, what and why of bug bounties.

Live hacking events

Get the insider’s scoop on what you can expect from a group hacking event, as well as the reasons for running such a gathering. 

Why you should consider a live hacking event

Frequently asked questions

A VDP is a channel for anyone, including researchers, users, and partners, to report security issues when they notice them, without being afraid of legal repercussions. There is no promise of a reward, but a thank you is appreciated. In our experience, beginner to intermediate security researchers tend to focus on VDPs, whereas bug bounties attract more experienced hacking talent.

View the full list of VDP features, here.  

VDPs work on the policy of ‘see something, say something’, whereas Bug Bounty Programs are designed for researchers to actively search for bugs. VDPs offer no promise of a reward, whereas Bug Bounty Programs provide continuous security testing by incentivizing the community through bounties. The size of the reward depends on impact (severity).

View the full list of differences between BB and VDP, here.

A VDP provides a clear, safe way for anyone, researcher or not, to report vulnerabilities responsibly. A Bug Bounty actively incentivizes skilled researchers to hunt for high-impact issues. Together, they ensure broader coverage, encourage responsible disclosure, and allow companies to prioritize real security problems.

Read about how to pair them, here.

A VDP protects both the researcher and the user by setting out clear rules on how findings should be reported. VDPs provide a clear and secure channel for the disclosure of vulnerabilities, encouraging external parties to report rather than publicly disclose vulnerabilities. This element assures researchers that if they act in good faith and within the program’s guidelines, they will not face legal repercussions. The result is that researchers feel safe to report vulnerabilities without fear of legal action.

Read more about the benefits of a VDP, here.

Yes. Intigriti’s platform integrates into current workflows by providing a secure, central location for receiving, validating, and managing bug reports, which helps streamline existing security operations.

Read more about integrations, here.