Vulnerability Disclosure Programs Made Simple

Choose the VDP plan that's right for you

Vulnerability Disclosure Programs Made Simple

Choose the VDP plan that's right for you

4.24 Million

Average cost of a data breach–Ponemon Institute

87% of Organizations

have received a critical or high priority vulnerability from a Bugcrowd VDP

Grow a VDP at Your Own Pace

A vulnerability disclosure program is now mandatory in an increasing number of government organizations and commercial industries. With a VDP, you essentially invite the world to help you spot security issues in your Internet facing assets and then make fixes based on what they find. A simple idea in concept. But extremely difficult to achieve in practice. The answer? Bugcrowd VDP.

Pain-Free VDP

With a managed VDP plan from Bugcrowd, you get all the security benefits and risk reduction that a well-run VDP provides, but with none of the hassles and overhead of doing it all from scratch.

Bugcrowd Managed VDP Plans

Wherever you are on your vulnerability disclosure journey, Bugcrowd has a plan to suit your needs. All Bugcrowd VDP offerings are fully-managed, which means our team handles program design and deployment, as well as vulnerability triage, validation, and prioritization so you can fix critical issues faster. And with Bugcrowd, there are no hidden fees or unexpected surprises. All services are inclusive.

Compare Plan Features

SELF-MANAGED

Manage a VDP on your own

Includes :

Accepts security feedback from a global community

BASIC 15

Ideal for getting started with a VDP

$299 / mth

Includes :

First 15 Submissions of security feedback from a global community
Managed Triage
Coordinated Disclosure
Continuous coverage
Real-time results
Automatic status updates to researchers
Managed Email Submissions
Embedded Submission form for your websites
Library of APIs, webhooks, and pre-built connectors for bidirectional SDLC integration
Account management

BASIC 75

Ideal for ramping up a VDP

$999 / mth

Includes :

First 75 Submissions of security feedback from a global community
Managed Triage
Coordinated Disclosure
Continuous coverage
Real-time results
Automatic status updates to researchers
Managed Email Submissions
Embedded Submission form for your websites
Library of APIs, webhooks, and pre-built connectors for bidirectional SDLC integration
Account management

CUSTOM

Ideal for high-volume VDPs

Everything in Basic 75

Researcher relations
Remediation advice
In-program performance dashboards
Trusted security advisor for programs
Hosted VDP on Bugcrowd website with promotional listing—18x more submissions on average

Pricing is for the first year when paid annually upfront. New VDP Customers Only

Top Organizations Trust Bugrcrowd for VDP

OUR CUSTOMERS

Experienced. Proven. Trusted.

Bugcrowd PTaaS gives me, my team, and our clients complete peace of mind that BeebBole is up and running securely. Bugcrowd has been nothing but fast, efficient, and meticulous.

Yves Hiernaux, CEO & Co-Founder, BeeBole

Frequently Asked Questions

If something isn’t covered, or you have any questions please email us at get.started@bugcrowd.com. Our support team is available 9am to 5pm, Monday to Friday PST.

What is a Vulnerability Disclosure Program?

Vulnerablity Disclosure Program or Responsible Disclosure Program is a program that allows security researchers to safely report found vulnerabilities to your team. It can be a messy process for researchers to know exactly how to share vulnerabilities in your applications and infrastructure in a safe and efficient manner. We make this dead simple with our multiple methods for intake and managed service features like Triage and Coordinated Disclosure.

Can i change my option at a later stage?

After you purchase, you can work with your account team to upgrade or change your plan.

What payment options do you accept?

Currently, through self-service, only credit cards are accepted. However, at check out you can also choose to speak to a Bugcrowd representative to place a purchase order if you wish.

Do you offer annual subscriptions?

All subscriptions are currently on an annual basis, we do not offer monthly or multi-year deals via self-service at this time.

What is the maximum amount of users?

We do not limit the number of users on the platform for active programs. We do have role-based access so you can control access to specific parts of your programs and management tasks.

Can i try Bugcrowd for free?

Currently, we do not have a free offering on the Bugcrowd platform. This is because we are running a managed service on a SaaS platform. This means you get features like Triage and Coordinated Disclosure as part of our standard offering. We manage the researchers’ expectations and ensure a high signal-to-noise ratio on the programs you are running.

What happens if i am not satisfied with my Bugcrowd program?

At the time of launch you will be assigned an account team including an account manager, they will be your primary point of contact along with your support and operations representative to ensure your program runs smoothly.

How can i cancel my plan?

To cancel your plan you can contact your account manager or email support@bugcrowd.com.

RELATED RESOURCES

Learn more about Vulnerability Disclosure Programs

Ultimate Guide to Vulnerability Disclosure

Read More