Information for Researchers & Reporters
We empower security researchers with a professional, legally-aligned framework for reporting vulnerabilities to EU-based companies.
Professional Reporting Framework
Reporting vulnerabilities in digital products shouldn't be a legal risk. The CVDPortal provides a standardized intake process that aligns with ENISA Coordinated Vulnerability Disclosure (CVD) guidelines.
By using these portals, you ensure that your technical findings reach the right security officers through encrypted channels, ensuring high-quality triaging and fair recognition.
Your Obligations & Benefits
- Confidentiality: Maintain silence until a patch is released (max 14 days under 14-day cycle).
- Documentation: Provide clear remediation steps and technical proof-of-concept.
- Safe Harbor: Follow the policy to avoid legal repercussions for security research.