A Coordinated Vulnerability Disclosure Policy (CVDP) is a set of rules determined in advance by an organisation responsible for IT systems that allows participants (or "ethical hackers") with good intentions to identify potential vulnerabilities in its systems or to provide it with all relevant information about them.

A vulnerability rewards program (or "bug bounty" program) covers all rules set by a responsible organization to give rewards to participants who identify vulnerabilities in the technologies it uses. This is a type of coordinated vulnerability disclosure policy which includes rewards for participants based on the amount, importance or quality of the information provided.

Vulnerability reporting to the CCB

Here you will find all information about reporting the discovered vulnerabilities to the Center for Cybersecurity Belgium (CCB).

Image
binary-958952_1920.jpg

FAQ - Coordinated Vulnerability Disclosure Policy

Here you will find answers to the most frequently asked questions about the coordinated vulnerability disclosure policy and about reward programmes for detecting vulnerabilities (Bug Bounty).

Image
stickers_op_laptop_2.jpg

Guide I & II: "Good Practices" and "Legal Aspects"

Here you will find a guide with an overview of the concepts, objectives, legal issues and good practices concerning the implementation of a coordinated vulnerability disclosure policy and of remuneration programmes for the detection of vulnerabilities under current Belgian law.

This guide consists of two parts: Part I "Good Practices" and Part II "Legal Aspects".

**Content under review**

Image
hacker-internet-technology-computers-159195.jpg

Brochure - Coordinated Vulnerability Disclosure Policy

Here you will find a brochure with the benefits involved in a coordinated vulnerability disclosure policy and/or a vulnerability rewards program for private and public organisations.

Image
intigriti_-_johan_1.jpeg

Example - Coordinated Vulnerability Disclosure Policy

Here is an example of a coordinated vulnerability disclosure policy and/or of a vulnerability rewards program, which should be adapted to the specific situation and choices of your organisation.

Image
img_2388-min_0.jpg