Introducing Vulnerability AI Coordinated & Responsible Disclosure


Introduction

Vulnerability AI is a non-profit platform designed to connect security researchers and website owners in a transparent, respectful and mutually valuable manner. Our purpose is to make the web a safer place for everyone’s benefit.

Vulnerability AI follows the ISO 29147 guidelines of ethical and coordinated disclosure to ensure a smooth process for all parties involved.

How does the process work?

The Vulnerability AI Coordinated Vulnerability Disclosure Platform allows trusted security researchers to report vulnerabilities residing on all websites as long as the vulnerability is discovered without any intrusive testing techniques and is submitted following responsible disclosure guidelines.

The role of Vulnerability AI is limited to independent verification of the submitted vulnerabilities and proper notification of website owners by all available means. Once notified, the website owner and the researcher are in direct contact to remediate the vulnerability and coordinate its disclosure. At this and at any later stages, we never act as an intermediary between website owners and security researchers.

How is Vulnerability AI funded?

The founders behind Vulnerability AI have no financial interest in the project. Moreover, we pay hosting expenses and web development costs out of our own pockets, and spend our nights verifying new submissions. However, we strongly urge you to consider making payments / donations to our contributors, most of whom engage in the responsible disclosure process full-time. Your payments / donations and support allow them to continue doing what they are doing on a regular basis.

General monetary rewards range anywhere from €500 to €10000 depending on the severity of the vulnerability reported. One critical element to consider when deciding on a reward is the potential impact that the vulnerability could have had on your website / company if the security researcher had not followed the responsible disclosure process.