← Cybersecurity Alphabet Soup

VDP

Vulnerability Disclosure Program

appsecmedium

A VDP is an organization's published policy and channel for outside researchers to report security flaws safely, promising not to pursue legal action for good-faith research. It sits in the operations phase of the lifecycle, turning random strangers finding your bugs from a threat into an asset. Unlike a bug bounty, a VDP does not necessarily pay rewards; its core value is a clear, safe reporting path.

Sources

More in appsec