Request a Demo Contact Us
Join us at Black Hat Europe on December 4-7, 2023
Join Us

Get Started with a Vulnerability Disclosure Program - Buy Online!


4.35 Million

Average cost of a data breach in 2022

1 Month

Average time to discover the first critical vulnerability via a Bugcrowd VDP

No longer optional

Vulnerability Disclosure Programs (VDPs) are now an industry standard (and are often required by regulation) for proving a public commitment to a strong security posture. A complement to bug bounties and penetration testing, VDPs allow anyone on the internet to altruistically report any vulnerability they’ve found, and for program owners to implement guidelines and best practices for their intake, management, and disclosure.

Adoption of a VDP is visible proof that your organization understands the inevitability of vulnerabilities, and is committed to security transparency. But, most organizations lack the resources or expertise to stand up and manage a VDP on their own.

Pain-free VDP at your pace

The solution is a fully managed VDP on the Bugcrowd Platform. Bugcrowd’s VDP solution–adopted by CISA in 2020 as the standard for U.S. civilian Federal agencies–includes vulnerability intake and tracking, continuous validation and triage, and program support, as well as developer tool integrations to accelerate discovery and remediation.

You get all the benefits of a well-run VDP, with none of the hassles and overhead of managing a program yourself. And, you can choose a price and entry point that makes sense for you, and even buy your plan directly online!

Compare plan features


Perfect way to get started
  • First 15 Submissions
  • Automatic Status Updates
  • Managed Email Submissions
  • Embedded Submission Form
  • SDLC Integration
  • Self Support


Ideal for ramping up a VDP
  • First 75 Submissions
  • Automatic Status Updates
  • Managed Email Submissions
  • Embedded Submission Form
  • SDLC Integration
  • Self Support


Ideal for high-volume VDPs
  • Unlimited Submissions
  • Performance Dashboard
  • Remediation Advice
  • Promotional listing on = 18x more submissions on average
  • Researcher Relations
  • Solution Architect
  • Managed Support

Pricing is for the first year when paid annually upfront. New VDP Customers only.

Frequently Asked Questions

If something isn’t covered, or you have any questions please email us at Our support team is available 9am to 5pm, Monday to Friday PST.

Vulnerablity Disclosure Program or Responsible Disclosure Program is a program that allows security researchers to safely report found vulnerabilities to your team. It can be a messy process for researchers to know exactly how to share vulnerabilities in your applications and infrastructure in a safe and efficient manner. We make this dead simple with our multiple methods for intake and managed service features like Triage and Coordinated Disclosure.

After you purchase, you can work with your account team to upgrade or change your plan.

Currently, through self-service, only credit cards are accepted. However, at check out you can also choose to speak to a Bugcrowd representative to place a purchase order if you wish.

All subscriptions are currently on an annual basis, we do not offer monthly or multi-year deals via self-service at this time.

We do not limit the number of users on the platform for active programs. We do have role-based access so you can control access to specific parts of your programs and management tasks.

Currently, we do not have a free offering on the Bugcrowd platform. This is because we are running a managed service on a SaaS platform. This means you get features like Triage and Coordinated Disclosure as part of our standard offering. We manage the researchers’ expectations and ensure a high signal-to-noise ratio on the programs you are running.

At the time of launch you will be assigned an account team including an account manager, they will be your primary point of contact along with your support and operations representative to ensure your program runs smoothly.

To cancel your plan you can contact your account manager or email