Hello everyone, I hope you are all having a good day.
On seeing this forum I just got a random thought about starting a VDP and I’m sharing it here.
A vulnerability disclosure program offers a secure channel for researchers to report security issues and vulnerabilities, and typically includes a framework for intake, triage, and workflows for remediation.
For example, you can look at the Harvard Vulnerability Disclosure Program.
Since the Techlore domain is now handling sensitive user data like email, we want to make sure it’s safe and secure.
For this we could run a crowdsourced vulnerability disclosure program, where individual hackers would hack on the domain and report vulnerabilities to the Techlore team. This method has been used by many companies and organisations to improve their security posture.
Hackers would test the web application and in return we could give them rewards or some kind of hall of fame/certificate to acknowledge the work they did.
I understand that this program requires a lot of resources and manpower, but we could try to make this possible and could avoid a future data breach.