Vulnerability Disclosure Program (VDP)

No organization has perfect security. Security and privacy are tantamount to user trust in your app, but breaches occur daily. There’s never enough time or resources to secure everything. What do you do? Imagine if you could tap into the knowledge of hundreds of security researchers, all helping you identify vulnerabilities in your apps. You could find and fix vulnerabilities as they are introduced into production, helping reduce the risk of security incidents. You can also use this data to find root causes of vulnerabilities and make overarching improvements to your security program.

How do you know if you’re actually ready to start a vulnerability disclosure program?

Our assessment section will help you determine if you have everything you need to get started and help you identify and address missing pieces.

Get started

It is important to assess your current development team, processes, and bandwidth to ensure your company has the proper infrastructure in place to launch a successful vulnerability disclosure program (VDP). Our assessment guide outlines some of the most important aspects to consider before planning to launch a VDP.
You can be technically prepared for starting a VDP, but you still need organizational buy-in for your program to be successful. The following sections address how to achieve buy-in from various key stakeholders necessary to start and run your VDP.
We’ve covered assessment and preparation of security best practices to prepare for running a VDP, as well as achieving organizational buy-in on the idea. Now, we’ll discuss how to create and set up your VDP, including defining your program policy, and ensuring you have the resources and processes necessary to launch and run your program.
You’ve done a lot of work up to this point to identify and address gaps in your security program, get buy-in from your organization, allocate resources to help you run your program, build a program policy, and define a means of receiving vulnerability reports. It’s time to launch your VDP.
Need more help? Check out the Play Academy's interactive course. The online course supplements this content with interactive quizzes, projects, and videos.