Published 9/22/25 12:28 PM
Updated Aug 10, 2024
National Vulnerability Disclosure Policy
Audience
Government
Content Outline
Introduction
The UAE Cyber Security Council's mission is to protect critical systems from vulnerabilities and secure sensitive data of government entities and CIIs from misuse and unauthorized disclosure.
To achieve this mission, the UAE Cyber Security Council (CSC) has implemented the Vulnerability Disclosure Program (VDP). This program proposes the development of a structured framework and supporting infrastructure to help entities mitigate cyber risk by supporting and enabling the proactive disclosure of vulnerabilities.
The National Vulnerability Disclosure Policy (VD Policy) is a key enabler of the program and is intended to provide guidance on permissible testing activities and the use of formalized platforms to submit discovered vulnerabilities.
The council has established this policy to facilitate the identification of potential vulnerabilities while operating within the tenets of the UAE's cybercrime laws. This will enable the mitigation of potential consequences for critical systems and services, thereby strengthening the UAE's cyber resilience.
Vulnerability Disclosure Policy
Ethical Testing
Provides requirements to ensure that tests are conducted in good faith, maintaining system safety during execution.
Registration
Outlines registration requirements for the VD Program to ensure that both testers and entities maintain transparency while using the VDP platform.
Reporting
Establishes requirements for timely reporting of vulnerabilities related to UAE-based entities.
Validation and Acknowledgement
Provides requirements for reviewing and validating reported vulnerabilities and communicating them to the impacted entities.
Rewards and Closure
Highlights requirements to recognize and reward testers under a non-monetary benefit program.
Summary
The National Vulnerability Disclosure Policy guides ethical testing and reporting of vulnerabilities in the UAE’s critical systems. It establishes frameworks for disclosure, tester registration, reporting, validation, rewards, and performance monitoring.