Vulnerability Disclosure
Public intake, safe harbour enforcement, and 9-state governance for responsible disclosure.
Does this sound familiar?
Security researchers report vulnerabilities by email. Reports get lost in inboxes. There is no safe harbour policy. Disclosure timelines are missed. The process has no governance and no audit trail.
Vulnerability Disclosure with Fig
Public Intake
Rate-limited API endpoint accepting anonymous vulnerability reports. Supports email, web form, API, and bug bounty platform channels. Reports are routed to the right organisation automatically.
Safe Harbour Enforcement
12+ configurable policy controls governing scope, channels, SLAs, and lifecycle logging. Exploitation breach detection protects both researchers and organisations.
9-State Governance
Reported, Triaged, Remediation, Remediated, Verified, Disclosed, Closed. Each state transition is logged with a full audit trail. Severity reassessment records the CVSS vector and the rationale for the change.
Disclosure Management
Disclosure timeline tracking with advisory URL linking. Coordinated disclosure with researcher communication. Metrics: MTTA, MTTR, SLA breach rate, and disclosure compliance rate.
Fig provides a public intake endpoint for vulnerability reports with rate limiting, safe harbour statement enforcement, anonymous reporting support, and severity-based remediation SLAs with coordinated disclosure timeline tracking.
Who uses this?
MSPs & MSSPs
Offer vulnerability disclosure programme management as a service. Standardised intake and governance across client portfolios.
Security & Risk Teams
Run a compliant vulnerability disclosure programme meeting ISO 29147 and ISO 30111 requirements without a separate tool or manual email processes.
Compliance & Audit
Complete evidence of disclosure programme governance, researcher communications, remediation timelines, and lessons learned for regulatory review.
See Vulnerability Disclosure in action
Book a walkthrough tailored to your frameworks and tooling.