As VDPs Remain a Fundamental Tool for Reducing Cybersecurity Risk, Essential VDP Simplifies How Organizations Embrace this Best Practice and Stay Compliant
HackerOne, the leader in human-powered security, today announced Essential VDP — a free, entry-level tier of HackerOne Response, its Vulnerability Disclosure Program (VDP) product. Any organization can now establish a VDP with HackerOne to help address compliance requirements and maintain a direct channel for the global researcher community to report high-impact vulnerabilities.
“Adopting a vulnerability disclosure program ensures that an organization is prepared to handle security vulnerabilities effectively,” said Jason DeBord, CISO, Ohio Secretary of State. “Our VDP gives us a communication channel with security researchers so they can report vulnerabilities before bad actors find them.”
A growing list of standards and regulatory requirements from governments recognize VDPs as an essential security best practice, including NIST 800-53, ISO 27001, and the Product Security and Telecommunications Infrastructure Act (PSTI).
“Thousands of leading organizations have already adopted, and continue to adopt, VDPs because they work. They are a proven and fundamental best practice that reduces cybersecurity risk,” said Ilona Cohen, Chief Legal and Policy Officer at HackerOne. “Improving access to VDPs will make it easier for individual organizations to meet compliance standards and collectively improve the safety of the internet for everyone.”
Essential VDP gives organizations new to vulnerability disclosure free access to set up a VDP on HackerOne’s platform with the tools to:
- Launch quickly through a guided onboarding experience, which includes training, product documentation, templated disclosure guideline support, and integration with a HackerOne inbox for easier vulnerability tracking and remediation.
- Access industry-leading policy guidance and best practices informed by the thousands of programs on the HackerOne Platform.
- Address compliance requirements with in-platform attestation reports as proof that you maintain a VDP for common frameworks and mandates.
“We found that handling reports via email was becoming difficult to manage,” said Arthur Weibe, Site Reliability Engineer, ADAMnetworks. “HackerOne Essential VDP resolves this issue by providing a structured way to track all reports from triage to resolution. We get better reports, and the team has better visibility.”
HackerOne continues to support thousands of programs for leading brands, including established VDPs for The Ohio Secretary of State, Department of Defense, John Deere, and Adobe. Learn more about HackerOne’s VDP offerings and Essential VDP here.