MyOpenVDP is a turnkey open-source solution allowing anyone to host their own vulnerability disclosure policy (VDP). Developed by YesWeHack, the web application is available on GitHub.
How MyOpenVDP works
- Someone finds a vulnerability or a security bug on your website or product
- They go to your MyOpenVDP application
- They describe the vulnerability
- Their report is encrypted in their browser
- You receive the report via e-mail
“Over the last years, many international and inter-governmental organizations have taken relevant actions promoting the issue of vulnerability disclosure policy (VDP) as a public policy topic and providing a strong political commitment toward that end,” Guillaume Vassault-Houlière, CEO at YesWeHack, told Help Net Security.
“The OECD, with its working group on Security in the Digital Economy, has promoted the topic of encouraging responsible vulnerability treatment among its members. The CyAN Global Coalition to Protect Cyber Researchers is also an important step to push for consistent legal immunities for zero-day researchers. Then, the EU has put in place regulatory initiatives promoting the use of VDP: the Cybersecurity Act, the update of the NIS Directive and the recent proposal on the Cyber Resilience Act are all encouraging Member States and private organizations to design and deploy VDP to facilitate the reporting, detection, and remediation of vulnerabilities,” Vassault-Houlière concluded.