Coordinated Vulnerability Disclosure

Enable users and reporters to report vulnerabilities via a Coordinated Vulnerability Disclosure Policy and strengthen your IT security


Strengthen your IT security with Coordinated Vulnerability Disclosure

The number of devices connected to the internet is growing daily. On top of that, software and updates are released at an increasing speed, which creates a great battlefield for criminal hackers to attack.

Small businesses and big enterprises are heavily influenced by changes in cyber security: any company with an online presence is under intense pressure and has a responsibility to keep it safe. That’s why being aware of the importance of your system security is crucial. A Coordinated Vulnerability Disclosure policy can be just the right asset for that, as it is rather easy to implement, and we support you throughout the process.

Proactive steps are no longer optional

Strengthening your systems

A worldwide network of reporters working with you to diagnose your systems and eliminate bugs.


Cost-efficient

Disclosure is a low-cost method and a reliable replacement for more costly system-check methods.


Trust from the clients

Being open to receiving vulnerability reports shows your clients their information is safe with you.


What is Coordinated Vulnerability Disclosure?

Coordinated Vulnerability Disclosure is a form of disclosure: the transfer of information from an external source to a company or organisation, in this case regarding the security of IT systems. There are four ways a researcher or criminal can handle information about a vulnerability:


Non-disclosure

The researcher or criminal keeps the information to themselves, often because they either fear legal repercussions for sending it in or want to use the vulnerability as leverage.


Limited Disclosure

The researcher or criminal shares only a limited amount of information with a limited number of parties. This puts pressure on companies to quickly fix the vulnerability to prevent exploitation.


Full Disclosure

The researcher or criminal releases the vulnerability publicly. This puts companies at risk if they cannot resolve the issue fast enough.


Coordinated Vulnerability Disclosure

The researcher directly contacts the company with a report that isn’t shared publicly until the vulnerability is fixed.

With Coordinated Vulnerability Disclosure, the vulnerability is only disclosed when it is fixed or after a certain period of time. Organisations can then fix the vulnerability or assess associated business risks that may come from it.

What is a Coordinated Vulnerability Disclosure Policy?

How does a Coordinated Vulnerability Disclosure Policy get you One Step Beyond?

With Coordinated Vulnerability Disclosure, the vulnerability is only disclosed when it is fixed or after a certain period of time. Organisations can then fix the vulnerability or assess associated business risks that may come from it, allowing them to go one step beyond.


Why do I need a Coordinated Vulnerability Disclosure Policy?

Nowadays, software is released almost continuously. This is great for business and boosts company responsiveness, but it can leave the software not thoroughly tested. Coordinated Vulnerability Disclosure addresses this by providing constant and dynamic feedback on the security of your systems, regardless of how fast your releases are.

A Coordinated Vulnerability Disclosure Policy provides the best protection for companies against exploitation or data leakages while also protecting researchers with helpful intentions against legal repercussions.

What to include in a Coordinated Vulnerability Disclosure Policy?


A Coordinated Vulnerability Disclosure program sets up guidelines for researchers on which vulnerabilities to report and how you’ll handle them. This program gives the researcher guidelines and a framework within which they can start their investigation. It also creates transparency about how the vulnerabilities are disclosed: the researcher directly contacts the company with a report that isn’t shared publicly until the vulnerability is fixed. By starting a Coordinated Vulnerability Disclosure program, you make clear what type of vulnerabilities you’re looking for and what you promise to do with a report.

How do I manage reports coming in via a Coordinated Vulnerability Disclosure Policy?

Handling many reports - about many vulnerabilities - can become overwhelming. A dedicated platform allows researchers to report vulnerabilities without you needing to set up additional security infrastructure.

Zerocopter is the leading enterprise application security platform, empowered by the world’s best ethical hackers. We’ll provide you with a dedicated platform and a Triage Team of security experts. Reports via the Coordinated Vulnerability Disclosure Policy workflow are reviewed by our Triage Team. This means you are only confronted with valid reports about real vulnerabilities. You can choose to pay rewards to individuals who report a valid vulnerability via the Coordinated Vulnerability Disclosure Policy.
