Program rules
Overview
The Vulnerability Disclosure Program (VDP) receives reports of security vulnerabilities in the products of any enterprise or organization on the Internet.
Program targets
- Important websites, products, and services of large enterprises (domestic and foreign) affecting many users.
- Public products on the Internet and widely used programming frameworks and libraries.
Operation principles
- WhiteHub acts as an intermediary to receive vulnerability reports from experts and transfer them to governing organizations and software manufacturers safely.
- We promise to pass on to researchers every bounty (if any) or acknowledgment from software manufacturers.
- As the VDP is a non-profit program for the community, WhiteHub does not charge any fees for this program.
How it works
- Researchers who find security vulnerabilities in public software products submit reports to this program.
- The vulnerability reports must include the following information: affected product name, manufacturer name, and a detailed description of the bug.
- WhiteHub will check the accuracy of the submitted reports before transferring them to the manufacturer.
Valid vulnerabilities
This program will only focus on HIGH and CRITICAL vulnerabilities, with a CVSS score of 7.0-10.0.
Bounty
We will award points for valid vulnerability reports; the bounty will be decided by software manufacturers.