Bug Bounty Management

Manage all bugs discovered on your web application.Start building your cyber security resilience today.

Contact Us

Bug Bounty Management

Leverage the IT security professional community to protect your website against malicious actors with bad intent.

In addition to our services such as Penetration Testing, as part of our corporate social responsibility and commitment to a safer internet for everyone, we offer complementary managed bug bounty programs(also known as responsible disclosure programs) for all Dutch websites.
We help website owners set up a responsible disclosure policy in accordance with the National Cyber Security Centrum’s (NCSC) recommended guidelines. Specifying a clear scope for researchers to disclose vulnerabilities found on the websites, enrolled in our program. If a vulnerability has been discovered on a client’s website, our certified IT security professionals will verify the vulnerability disclosed by the researcher. Our IT security professionals will then formulate a recommendation on how to fix the vulnerability found, to the client. It is up to the client to decide whether to give credit and/or a small thank you gift to the researcher for finding the verified vulnerability.

*As this service is completely free, we have a maximum of 100 websites that we can manage. Registration for this service will be closed once our maximum is reached.*

How it Works

Contact us and ask about our bug bounty management program Our Consultants will start the onboarding process straight away.


Policy Agreement & Scoping

Together we start with establishing the scope of permitted testing & the target website(s)
Together we draft the initial responsible disclosure policies.


Finalize Responsible Disclosure Policy

Upload the final agreed upon responsible disclosure policy to your web application
Place our CERT / disclosure email address on the designated responsible disclosure page. Place our public encryption key on your responsible disclosure(assures secure communication)


Vulnerability Discovery & handling

When a potential vulnerability has been submitted, our certified IT Security consultants will:

  • Investigate the reported bug / vulnerability
  • Assess if it is a vulnerability
  • Inform your organization, with recommendation


Researcher Reward and Aftercare

Based on the severity of the vulnerability, it is at your discretion to reward the external research for finding and reporting the vulnerability.
Blueprint's consultants will be available, if needed, to provide additional aftercare and support

Book a Free Consultation Now