COORDINATED VULNERABILITY DISCLOSURE POLICY AND VULNERABILITY DETECTION REWARD PROGRAM (BUG BOUNTY)
A Coordinated Vulnerability Disclosure Policy (CVDP) is a set of rules determined in advance by an organisation responsible for IT systems that allows participants (or "ethical hackers") with good intentions to identify potential vulnerabilities in its systems or to provide it with all relevant information about them.
A vulnerability rewards program (or "bug bounty" program) covers all rules set by a responsible organization to give rewards to participants who identify vulnerabilities in the technologies it uses. This is a type of coordinated vulnerability disclosure policy which includes rewards for participants based on the amount, importance or quality of the information provided.
FAQ - Coordinated Vulnerability Disclosure Policy
Here you will find answers to the most frequently asked questions about the coordinated vulnerability disclosure policy and about reward programmes for detecting vulnerabilities (Bug Bounty).
Guide I & II: "Good Practices" and "Legal Aspects"
Here you will find a guide with an overview of the concepts, objectives, legal issues and good practices concerning the implementation of a coordinated vulnerability disclosure policy and of remuneration programmes for the detection of vulnerabilities under current Belgian law.
This guide consists of two parts: Part I "Good Practices" and Part II "Legal Aspects".
Brochure - Coordinated Vulnerability Disclosure Policy
Here you will find a brochure with the benefits involved in a coordinated vulnerability disclosure policy and/or a vulnerability rewards program for private and public organisations.
Example - Coordinated Vulnerability Disclosure Policy
Here is an example of a coordinated vulnerability disclosure policy and/or of a vulnerability rewards program, which should be adapted to the specific situation and choices of your organisation.