Latest threats Bug bounty For devs Deep dives More About

Web security vulnerabilities Network security vulnerabilities Cloud security Zero-day news Supply chain attacks

View all web security news

Prototype pollution

Prototype pollution project yields another Parse Server RCE

Bug bounty news VDPs Bug Bounty Radar

View all bug bounty news

Bug Bounty Radar

The latest programs for February 2023

DevSecOps Security best practices Dev stack tech

View all dev related news

All Day DevOps

AppSec engineer keynote says Log4j revealed lessons were not learned from the Equifax breach

Deep dives Interviews

View all of the latest features

Infosec beginner?

A rough guide to launching a career in cybersecurity

Industry news Enterprise security news Web hacking tools Events

View all infosec industry news

Cybersecurity conferences

A schedule of events in 2022 and beyond

Latest vulnerability disclosure policy (VDP) news

VDPs – or Vulnerability Disclosure Programs – are established by organizations to provide a framework for responsibly reporting security vulnerabilities.

Typically comprising a scope, safe harbor clause, and remediation methods, they give security researchers reassurance that they can report security flaws without fear of legal consequences – and give organizations confidence that bugs will be uncovered and reported without giving attackers an inadvertent head start.

Financial rewards are not paid to researchers, but VDPs are often a precursor to organizations launching bug bounty programs.

Want more? Catch up with the latest VDP news here.