Receiving vulnerability reports of any business or organization

Managed by WhiteHub

Points only
327 0

Program rules


Vulnerability disclosure program (VDP) is a program that receives reports of security vulnerabilities in products of any enterprise or organization on the Internet.

Program targets

  • Important websites, products, and services of large enterprises (domestic and foreign) affecting many users.
  • Public products on the internet and widely used programming frameworks and libraries

Operation principles

  • WhiteHub acts as an intermediary to receive vulnerability reports from experts and transfer them to governing organizations and software manufacturers safely.
  • We promise to return all bounty (if any) or acknowledgment from software manufacturers to researchers.
  • As the VDP program is non-profitable and for the community, WhiteHub does not charge any fees from this program.

How it works

  • Researchers who find security vulnerabilities in public software products submit reports to this program
  • The vulnerability reports must include the following information: affected product name, manufacturer name, detailed description of the bug
  • WhiteHub will check the accuracy of the submitted reports before transferring to the manufacturer

Valid vulnerabilities

This program will only focus on HIGH and CRITICAL vulnerabilities, with a CVSS score of 7.0-10.0.


We will reward points for valid vulnerability reports, the bounty will be decided by software manufacturers.

Reward range

Severity Reward range
HIGH 3 Points
MEDIUM 2 Points
LOW 1 Point


327 reports accepted
0 report rewarded

Latest hall of famers

Recently joined this program

  • iamblacksolo
  • Private Researcher
  • Private Researcher
  • Private Researcher
  • quocvietwh
  • Private Researcher
  • Private Researcher
  • minhnq22
  • Private Researcher
  • vhae04
  • Private Researcher