Manage your VDP reports in a structured and auditable way
The YesWeHack platform empowers organisations to centralise and manage all their vulnerability reports—regardless of the source—in a single, unified interface.
This article focuses specifically on managing reports received through your Vulnerability Disclosure Program (VDP). Using the Vulnerability Center, you can efficiently track, prioritize, and remediate VDP submissions alongside other security testing outputs.
ℹ️ Learn more about the Vulnerability Center and its key features.
Find and remediate vulnerabilities reported through your VDP
Go to the “Vulnerability Center”
Click on a VDP report of your choice
Reports submitted through a VDP benefit from the same template, interface, and features than other types of reports (e.g., Bug Bounty).
ℹ️ To learn more about key informations of a vulnerability report, click here.
Click on “Actions”
Send a “comment” to your team or to the YesWeHack triagers team (if subscribed) and “change the report status” to track internally the remediation
ℹ️ Reports' statuses follow a precise workflow. Check out this article to learn more about it.
Key differences between VDP and Bug Bounty
There is no possible interaction with the security researcher. The reports are not directly submitted on YesWeHack by an authenticated hunter, but through your VDP page, and sometimes anonymously.
There is no possibility to reward a vulnerability report from a VDP. There should be no incentive or expectation of financial rewards for reporting vulnerabilities through a VDP. This is a complementary approach to bug bounty.
⚠️ Even if the “Comment for Hunter” section appears, you can’t communicate directly with the person who reported the vulnerability.