Building a VDP Program: Lessons from the Battlefield

November 17, 2020 – 12:45PM EST

The DoD’s Vulnerability Disclosure Program (VDP) is the oldest and largest such program in the world. Born as a permanent sustainment of the 2016 Hack the Pentagon Bug Bounty Program, the DoD VDP is the central point for crowdsourced vulnerability discovery and also tracks vulnerabilities from initial report to completed mitigation.

This presentation will:

  • Enrich: Provide historical background and the need for building VDP programs as well as a new methodological construct of the vulnerability lifecycle to better understand vulnerability data.
  • Enable: Outline the functions and stakeholder roles in building a VDP. Through a case study of a buildout of a Defense Industrial Base VDP program, we’ll show how VDPs can help inoculate organizations through vulnerability information sharing.
  • Excel: Reduce an attack surface through an additional outer layer of defense.

Learning Objectives

  • Describe what a vulnerability disclosure program (VDP) is and why it is an important component of an organization’s security platform.
  • Define how a VDP differs from traditional vulnerability management programs.
  • Describe ways that a vulnerability can be shared between organizations in order to better protect security partners.

Charles G. Yarbrough, Jr.

Senior Engineer, Software Engineering Institute
