Managed Vulnerability Disclosure Program

Adopt a managed VDP – a critical component to strategic security testing

Synack’s managed VDP

U.S. government agencies are required to offer a Vulnerability Disclosure Program (VDP) that gives members of the public a path to alert an agency to cybersecurity vulnerabilities, in line with the Cybersecurity and Infrastructure Security Agency’s (CISA) Binding Operational Directive 20-01. Synack’s managed VDP provides a white-glove option for responsible disclosure, running point for government agency teams by handling vulnerability triage with remediation guidance, coordinating researcher recognition and providing data to support CISA reporting, all backed by the security testing services available on the Synack Platform.

Activated by a vetted community of security researchers, the Synack Platform brings together four critical elements of testing:

Penetration testing

Transform your pentesting program with fast and flexible deployment options, vulnerability management and access to a community of elite security talent.

Vulnerability management

Read comprehensive summaries of exploitable vulnerability findings, communicate with researchers and request patch verification, all through convenient workflows.

API security testing

Gartner has predicted that 90% of web-enabled applications will expose a larger attack surface through their APIs than through the user interface. APIs are therefore a critical part of the attack surface and need offensive penetration testing just as the UI does.

Managed VDP

Security teams know that accepting vulnerability reports from public researchers requires careful triage, a defined process and ongoing management. Expert security skills are a critical part of running a successful VDP, and you need a trusted partner that can give you sound advice.

1. Why are VDPs important?

VDPs give government agencies a safe and legal channel through which outside parties can report vulnerabilities in externally facing infrastructure. A VDP lets agencies validate the applicability and severity of vulnerabilities reported in good faith.

2. Why managed VDPs make a difference

  • Defined process for tracking vulnerabilities from identification to remediation
  • Less noise and more focused prioritization of critical vulnerabilities
  • Defined responsible disclosure program
  • Data points provided to support reporting to CISA
Ready to get started?

Hear how Synack’s managed VDP can support the cyber resiliency of your organization.