Vulnerability Disclosure Programs

Provide always-on disclosure channels with secure submission forms and policy guidance.

7 min read | Updated Oct 1, 2025 | Platform Features

Vulnerability disclosure programs (VDPs) provide a structured, always-on intake for security reports. NidFul distills proven best practices into guidance tailored for the legal and operational landscape of African organisations.

Core Benefits

  • Safe-harbor policy that protects good-faith researchers.
  • Dedicated intake forms with secure file uploads and automated acknowledgements.
  • Transparent SLAs for acknowledgement and remediation.
  • Trusted triage, whether handled internally or via NidFul managed services.

Policy Essentials

  • Clear scope listing: domains, APIs, mobile apps, IoT, and infrastructure.
  • Safe-harbor statement referencing NDPR, POPIA, and relevant national policies.
  • Testing guidelines outlining prohibited techniques and rate limits.
  • Contact method for urgent or high-impact issues (phone, secure inbox).

Launch Stages

  1. Draft – Collaborate with legal and compliance teams.
  2. Internal Pilot – Dry-run sample submissions to validate workflow.
  3. Public Launch – Publish on NidFul and company channels; syndicate to community forums.
  4. Iterate – Review metrics monthly, expand scope, and refine communication scripts.

Government-aligned VDPs

Governments across Africa are embracing VDPs. NidFul helps align with initiatives like Nigeria’s National Cybersecurity Policy and South Africa’s national CERT guidelines.

Submission Intake Form

  • Accepts structured impact descriptions, reproduction steps, and attachments.
  • Supports optional anonymity while still enforcing ethical testing standards.
  • Integrates with case-tracking tools to prevent lost reports.

Public Communication

  • Host policy pages on your domain with a NidFul-managed backend.
  • Offer PGP keys for encrypted email submissions where required.
  • Celebrate researchers through a hall-of-fame page if permitted.

Maintaining Trust

  • Respond to new submissions quickly, even if only to confirm receipt.
  • Share remediation updates when critical issues are fixed.
  • Periodically publish transparency reports summarising resolved vulnerabilities.
