Setting a bounty on bugs? What you need to know.

With security high on the priority list of many of our members, one tool to consider is a Coordinated Vulnerability Disclosure Policy (CVDP): a set of rules that allows people, such as ‘ethical hackers’, to seek out weaknesses in your systems and let you know about them. When the initiative includes a reward, it becomes a ‘bug bounty’.


Beltug cooperates with the Centre for Cyber Security Belgium (CCB) to share information that can support our members’ security needs and goals. The CCB has published a Guide to a Coordinated Vulnerability Disclosure Policy that covers both best practices and legal aspects. It includes reasons to adopt a CVDP, what should be included, the steps for creating your policy, data privacy, fraud and infractions, and more. The CCB also provides a FAQ, a brochure and an example of a CVDP, all of which are available free of charge on their website, in French or Dutch.


Beltug has put together a Debate Room for our members on 21 January 2021, where the CCB and Intigriti will introduce the Guide, after which you can discuss your concerns and questions with your peers.