Opening a vulnerability disclosure program

Hello everyone, I hope you are all having a good day.

On seeing this forum I just got a random thought about starting a VDP and I’m sharing it here.

What is a vulnerability disclosure program (VDP)?

A vulnerability disclosure program offers a secure channel for researchers to report security issues and vulnerabilities, and typically includes a framework for intake, triage, and workflows for remediation.

For example, you can look at the Harvard Vulnerability Disclosure Program.

Why do we need this?

Since the Techlore domain is now handling sensitive user data such as email, we want to make sure it’s safe and secure.

For this, we could run a crowdsourced vulnerability disclosure program, where individual hackers would hack on the domain and report vulnerabilities to the Techlore team. This method has been used by many companies and organisations to improve their security posture.

Hackers would test the web application, and in return we could give them rewards or some kind of hall of fame/certificate to acknowledge the work they did.

I understand that this program requires a lot of resources and manpower, but we could try to make this possible and could avoid a future data breach.

1 Like

Can’t say whether we’ll do this or not, but I will definitely look into it further this week, it’s an interesting idea.

If you or anyone finds a security flaw with the forum, please email me: jonah@techlore.tech. At the very least we’ll credit you with a badge on the forum haha 🙂

1 Like