skip to Main Content
This website use cookies which are necessary to its functioning and required to achieve the purposes illustrated in the privacy policy. To learn more or withdraw consent please click on Learn More. By continued use of this website you are consenting to our use of cookies.

Vulnerability Disclosure Programs
Made Simple

Choose the VDP plan that’s right for you

Grow a VDP at Your Own Pace

A vulnerability disclosure program is now mandatory in an increasing number of government organizations and commercial industries. With a VDP, you essentially invite the world to help you spot security issues in your Internet facing assets and then make fixes based on what they find. A simple idea in concept. But extremely difficult to achieve in practice. The answer? Bugcrowd VDP.

Pain-Free VDP

With a managed VDP plan from Bugcrowd, you get all the security benefits and risk reduction that a well-run VDP provides, but with none of the hassles and overhead of doing it all from scratch.

999 Million
Average cost of a data breach–Ponemon Institute
87% of Organizations
have received a critical or high priority vulnerability from a Bugcrowd VDP

Bugcrowd Managed VDP Plans

Wherever you are on your vulnerability disclosure journey, Bugcrowd has a plan to suit your needs. All Bugcrowd VDP offerings are fully-managed, which means our team handles program design and deployment, as well as vulnerability triage, validation, and prioritization so you can fix critical issues faster. And with Bugcrowd, there are no hidden fees or unexpected surprises. All services are inclusive.

Compare Plan Features

Basic 15
$299 per month
for the first year when paid annually upfront.
New VDP customers only.
  • Accept up to 15 submissions of security feedback from a global community
  • Managed triage
  • Coordinated disclosure
  • Continuous coverage
  • Real-time results
  • Automatic status updates to researchers
  • Managed email submissions
  • Embedded submission form for your websites
  • Self-Service Library of APIs, webhooks, and pre-built connectors for bidirectional SDLC integration
  • Self-Service Account management
Get Started
Basic 75
$999 per month
for the first year when paid annually upfront.
New VDP customers only.
  • Accept up to 15 submissions of security feedback from a global community
  • Managed triage
  • Coordinated disclosure
  • Continuous coverage
  • Real-time results
  • Automatic status updates to researchers
  • Managed email submissions
  • Embedded submission form for your websites
  • Self-Service Library of APIs, webhooks, and pre-built connectors for bidirectional SDLC integration
  • Self-Service Account management
Get Started
Custom
Let's Chat
  • Accept unlimited submissions of security feedback from a global community
  • Managed triage
  • Coordinated disclosure
  • Continuous coverage
  • Real-time results
  • Automatic status updates to researchers
  • Managed email submissions
  • Embedded submission form for your websites
  • Library of APIs, webhooks, and pre-built connectors for bidirectional SDLC integration
  • Account management
  • Researcher relations
  • Remediation advice
  • In-program performance dashboards
  • Trusted security advisor for programs
  • Hosted VDP on Bugcrowd website with promotional listing—18x more submissions on average
Contact Us

Self-Managed

Basic 15

Basic 75

Custom

Accept security feedback from a global community

checkbox_svg

First 15 Submissions

First 75 Submissions

Unlimited Submissions

Managed Triage1

checkbox_svg
checkbox_svg
checkbox_svg

Coordinated Disclosure2

checkbox_svg
checkbox_svg
checkbox_svg

Continuous coverage

checkbox_svg
checkbox_svg
checkbox_svg

Real-time results

checkbox_svg
checkbox_svg
checkbox_svg

Automatic status updates to researchers

checkbox_svg
checkbox_svg
checkbox_svg

Managed Email Submissions

checkbox_svg
checkbox_svg
checkbox_svg

Embedded Submission form for your websites

checkbox_svg
checkbox_svg
checkbox_svg

Library of APIs, webhooks, and pre-built connectors for bidirectional SDLC integration

checkbox_svg
checkbox_svg
checkbox_svg

Account management

checkbox_svg
checkbox_svg
checkbox_svg

Researcher relations3

checkbox_svg

Remediation advice

checkbox_svg

In-program performance dashboards

checkbox_svg

Trusted security advisor for programs

checkbox_svg

Hosted VDP on Bugcrowd website with promotional listing—18x more submissions on average

checkbox_svg

for the first year when paid annually upfront.
New VDP Customers Only

for the first year when paid annually upfront.
New VDP Customers Only

1 Our in-house team validates at 95% signal-to-noise ratio and prioritizes results
2 Apply best practice policies for communicating about discovered vulnerabilities
3 We work directly with researchers to prevent security incidents from going public prematurely

Top Organizations Trust Bugcrowd for VDP

How Motorola Mobility Reduces Risk With Bugcrowd’s Private Bug Bounty and VDP

“With all these breaches happening around us, it becomes very easy for us to say to our executive staff, ‘Isn’t it better to know vulnerabilities exist before we get exploited by the bad guys?’ VDP gives us not only actionable insights to stay ahead of the adversaries, but also peace-of-mind.”

Richard Rushing, CISO, Motorola Mobility
READ THE CASE STUDY

Frequently Asked Questions

If something isn’t covered, or you have any questions please email us.

get.started@bugcrowd.com

Our support team is available 9am to 5pm, Monday to Friday PST.

Vulnerablity Disclosure Program or Responsible Disclosure Program is a program that allows security researchers to safely report found vulnerabilities to your team. It can be a messy process for researchers to know exactly how to share vulnerabilities in your applications and infrastructure in a safe and efficient manner. We make this dead simple with our multiple methods for intake and managed service features like Triage and Coordinated Disclosure.

After you purchase, you can work with your account team to upgrade or change your plan.

Currently, through self-service, only credit cards are accepted. However, at check out you can also choose to speak to a Bugcrowd representative to place a purchase order if you wish.

All subscriptions are currently on an annual basis, we do not offer monthly or multi-year deals via self-service at this time.

We do not limit the number of users on the platform for active programs. We do have role-based access so you can control access to specific parts of your programs and management tasks.

Currently, we do not have a free offering on the Bugcrowd platform. This is because we are running a managed service on a SaaS platform. This means you get features like Triage and Coordinated Disclosure as part of our standard offering. We manage the researchers’ expectations and ensure a high signal-to-noise ratio on the programs you are running.

At the time of launch you will be assigned an account team including an account manager, they will be your primary point of contact along with your support and operations representative to ensure your program runs smoothly.

To cancel your plan you can contact your account manager or email support@bugcrowd.com.

Related Resources

Back To Top