MyOpenVDP: open source web application for securely disclosing vulnerabilities
MyOpenVDP is a turnkey open-source solution allowing anyone to host their own Vulnerability Disclosure Policy (VDP). Developed by YesWeHack, the web application is available on GitHub.
How MyOpenVDP works
- Someone finds a security vulnerability or bug in your website or product
- They access your MyOpenVDP application
- They describe the vulnerability
- Their report is encrypted in their browser
- You receive the report by e-mail
“Over the past few years, many international and intergovernmental organizations have taken relevant steps to promote the issue of vulnerability disclosure (VDP) policy as a public policy topic and provide strong political commitment to this end,” Guillaume Vassault Houlière, CEO of YesWeHack, told Help Net Security.
“The OECD, with its Task Force on Security in the Digital Economy, has promoted the theme of encouraging responsible treatment of vulnerability among its members. The CyAN Global Coalition to Protect Cyber Researchers is also an important step in pushing for consistent legal immunities for zero-day researchers. Secondly, the EU has put in place regulatory initiatives promoting the use of VDP: the Cybersecurity Act, the update of the NIS Directive and the recent proposed Cyber Resilience Act encourage all Member States and private organizations to design and deploy the VDP to facilitate the reporting, detection and remediation of vulnerabilities,” concluded Houlière.