Request a Demo Contact Us
Bring the power of crowdsourcing to red teams with Bugcrowd RTaaS!
Learn More

Get Started with a Vulnerability Disclosure Program

bugcrowd-product-hero@2x

1 Week

Average time to discover the first valid vulnerability via a Bugcrowd VDP

1 Month

Average time to discover the first critical vulnerability via a Bugcrowd VDP

No longer optional

Vulnerability Disclosure Programs (VDPs) are now an industry standard (and are often mandated by regulation, such as BOD 20-01) for proving a public commitment to a strong security posture. A complement to bug bounties and penetration testing, VDPs allow anyone on the internet to altruistically report any vulnerability they’ve found, and for program owners to implement guidelines and best practices for their intake, management, and disclosure.

Adoption of a VDP is visible proof that your organization understands the inevitability of vulnerabilities, and is committed to security transparency. But, most organizations lack the resources or expertise to stand up and manage a VDP on their own.

Pain-free VDP at your pace

The solution is a fully managed VDP on the Bugcrowd Platform. Bugcrowd’s VDP solution–adopted by CISA as the standard for U.S. civilian Federal agencies–includes vulnerability intake and tracking, continuous validation and triage, and program support, as well as developer tool integrations to accelerate discovery and remediation.

You get all the benefits of a well-run VDP, with none of the hassles and overhead of managing a program yourself. And, you can choose a price and entry point that makes sense for you.

Compare plan features

VDP COMPLIANCE

FREE
For orgs focused on regulatory requirements
Contact Us
Includes:
  • Self Managed with Unlimited Submissions
  • Self-Service Setup
  • Embedded Submission Form
  • Automated Status Updates
  • Dashboard & Reporting
  • Self Support
  • 90-day NDA

VDP BASIC

$299/$999 per month*
Perfect for getting started with VDPs
Contact Us
Includes:
  • Engineered Triage for First 15 or 75 Submissions
  • Automated Status Updates
  • Embedded Submission Form
  • Managed Email Submissions
  • Dashboard & Reporting
  • SDLC Integration
  • Customizable Disclosure Policy w/Guidance

FULLY MANAGED VDP

Custom
Ideal for high-volume VDPs
Contact Us
Everything in VDP Basic, Plus:
  • Engineered Triage for Unlimited Submissions
  • Optional listing in public directory = 18x more submissions on average
  • Researcher Relations

* Pricing for Basic plans is for the first year when paid upfront. New VDP customers only.

RELATED RESOURCES

Learn more about Vulnerability Disclosure Programs