Managed Bug Bounty

Use the security community to protect your website against malicious actors with bad intent.

In addition to our Penetration Testing services, as part of our corporate social responsibility and commitment to a safer internet, we offer complementary managed responsible disclosure programs for all Dutch websites.

 

We help website owners set up a responsible disclosure policy in accordance with the National Cyber Security Centrum’s (NCSC) recommended guidelines. Specifying a clear scope for researchers to disclose vulnerabilities found on the websites, enrolled in our program.

 

If a vulnerability has been discovered on a client’s website, our certified IT security professionals will verify the vulnerability disclosed by the researcher. Our IT security professionals will then formulate a recommendation on how to fix the vulnerability found, to the client. It is up to the client to decide whether to give credit and/or a small thank you gift to the researcher for finding the verified vulnerability.

*As this service is completely free, we have a maximum 100 websites that we can manage. Registration for this service will be closed once our maximum is reached.*

Responsible Disclosure Methodology

Contact us

Policy Agreement & Scoping

  • Together we draft responsible disclosure policies
  • Establish the scope of permitted testing

Finalize Responsible Disclosure Policy

  • Upload the final responsible disclosure policy to your web application
  • Place our CERT email address on a designated responsible disclosure page

Encryption Key

  • Place our public encryption key on your responsible disclosure(assures secure communication)

Vulnerability Discovery

When a potential vulnerability has been submitted, our certified IT Security consultants will:

  • Investigate the vulnerability
  • Assess if it is a vulnerability
  • Inform your organization

Disclosure Handling

  • Our consultants will provide a fix recommendation to the responsible party within your organization.

Research Reward

  • Based on the severity of the vulnerability, it is up to your discretion to reward the external research for finding and reporting the vulnerability.

    Blueprint Security’s mission is to provide exceptional IT security services for all our customers. We believe in flexibility, transparency, consistency and results.

    Blueprint Security is devoted to educating the next generation within the cyber security domain and are proud sponsors of the HackersHub community.

    ADDRESS

    Zeestraat 100
    2518 AD
    The Hague
    The Netherlands

    PHONE

    +31 (0)70 22 111 94

    EMAIL

    info@blueprintsecurity.nl