Skip to content
Patchstack Docs

Getting started

What is a managed vulnerability disclosure program (mVDP)?

Managed vulnerability disclosure program (or mVDP) is a free security platform, offered by Patchstack to all third party software vendors. Patchstack’s mVDP platform faciliates efficient communication between software vendors and security researchers, improving the overall efectiveness of security processes. Patchstack has streamlined security management for hundreds of vendors, including Elementor, Slider Revolution, WP Rocket, and many others.

For more information, check out this page.

If you want to connect your plugin with Patchstack’s security program, fill out the form here.

Why do I need mVDP program?

Having a security program in place raises trust among your customers, while making it easy for security researchers to report found security bugs to you. You will have a central dashboard to keep an eye on all reported security bugs, and track the progress. Efficient communication is the key in keeping your software safe and that’s what Patchstack’s mVDP platform provides.

How to apply for the mVDP program?

To apply for the mVDP platform, you need to fill out the form here: https://patchstack.typeform.com/to/dgdlxiRA

How does this benefit security researchers?

Patchstack incentivizes researchers through a monthly bounty pool. Researchers receive extra Alliance XP for reporting vulnerabilities in software with a mVDP. Patchstack is also a registered CNA, allowing us to claim CVE records for the researchers findings. This is valuable proof they can use to show their expertise in security on profiles they can showcase to the security community and industry.

Are premium plugins and themes also accepted?

Yes, mVDP is free for all. When applying, make sure to mark when a plugin has both premium and free versions.