Vulnerability disclosure program (VDP) is a program that receives reports of security vulnerabilities in products of any enterprise or organization on the Internet.
- Important websites, products, and services of large enterprises (domestic and foreign) affecting many users.
- Public products on the internet and widely used programming frameworks and libraries
- WhiteHub acts as an intermediary to receive vulnerability reports from experts and transfer them to governing organizations and software manufacturers safely.
- We promise to return all bounty (if any) or acknowledgment from software manufacturers to researchers.
- As the VDP program is non-profitable and for the community, WhiteHub does not charge any fees from this program.
How it works
- Researchers who find security vulnerabilities in public software products submit reports to this program
- The vulnerability reports must include the following information: affected product name, manufacturer name, detailed description of the bug
- WhiteHub will check the accuracy of the submitted reports before transferring to the manufacturer
This program will only focus on HIGH and CRITICAL vulnerabilities, with a CVSS score of 7.0-10.0.
We will reward points for valid vulnerability reports, the bounty will be decided by software manufacturers.