Blueprint Cyber Security

Bug Bounty Management

Leverage the IT security professional community to protect your website against malicious actors with bad intent.

In addition to our services such as Penetration Testing, as part of our corporate social responsibility and commitment to a safer internet for everyone, we offer complementary managed bug bounty programs(also known as responsible disclosure programs) for all Dutch websites.
We help website owners set up a responsible disclosure policy in accordance with the National Cyber Security Centrum’s (NCSC) recommended guidelines. Specifying a clear scope for researchers to disclose vulnerabilities found on the websites, enrolled in our program. If a vulnerability has been discovered on a client’s website, our certified IT security professionals will verify the vulnerability disclosed by the researcher. Our IT security professionals will then formulate a recommendation on how to fix the vulnerability found, to the client. It is up to the client to decide whether to give credit and/or a small thank you gift to the researcher for finding the verified vulnerability.

As this service is completely free, we have a maximum of 100 websites that we can manage. Registration for this service will be closed once our maximum is reached.

How it Works

Contact us and ask about our bug bounty management program Our Consultants will start the onboarding process straight away.

Policy Agreement & Scoping

Together we start with establishing the scope of permitted testing & the target website(s)
Together we draft the initial responsible disclosure policies.

Finalize Responsible Disclosure Policy

Upload the final agreed upon responsible disclosure policy to your web application
Place our CERT / disclosure email address on the designated responsible disclosure page. Place our public encryption key on your responsible disclosure(assures secure communication)

Vulnerability Discovery & handling

When a potential vulnerability has been submitted, our certified IT Security consultants will:

Investigate the reported bug / vulnerability
Assess if it is a vulnerability
Inform your organization, with recommendation

Researcher Reward and Aftercare

Based on the severity of the vulnerability, it is at your discretion to reward the external research for finding and reporting the vulnerability.
Blueprint's consultants will be available, if needed, to provide additional aftercare and support

Get a Free Consultation

Get the right advice from the start, or tell us what you are looking for. Our consultants are here to help

Bug Bounty Management

Bug Bounty Management

Leverage the IT security professional community to protect your website against malicious actors with bad intent.

*As this service is completely free, we have a maximum of 100 websites that we can manage. Registration for this service will be closed once our maximum is reached.*

How it Works

Policy Agreement & Scoping

Finalize Responsible Disclosure Policy

Vulnerability Discovery & handling

Researcher Reward and Aftercare

Get a Free Consultation

As this service is completely free, we have a maximum of 100 websites that we can manage. Registration for this service will be closed once our maximum is reached.