HomeVulnerability DisclosureVulnerability Disclosure Program (VDP)
Vulnerability Disclosure Program (VDP)
The DoD Vulnerability Disclosure Program (VDP) leverages the experience and knowledge of ethical hackers from around the world to improve network defenses and enhance mission assurance.

VDP Overview


DC3 was assigned by the Secretary of Defense to be the DoD focal point for receiving vulnerability reports and interacting with researchers consistent with DC3's existing information sharing responsibilities as a Federal Cybersecurity Center.
 

VDP Fact Sheet VDP Annual Reports VDP Bug Bytes VDP Stories  
 

The VDP provides an independent assessment of DoDIN security and defensive measures by identifying:
 

  • Vulnerabilities not found by existing red-team and automated efforts

  • Non-compliance with cyber security guidance

  • Training deficiencies
         

Contact Us

General VDP Questions:  
 This link is not to be used to report

vulnerabilities on DoD networks
and systems.

VDP Policy & Reporting

To read the DoD Vulnerability Disclosure Policy and to submit a vulnerability report:
 

Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP)