Enable the vulnerability disclosure portal

Pro plan

Goal: Set up, enable, and share the public vulnerability disclosure portal with external security researchers, so that incoming reports appear in your Vulnerabilities.

In Cenedril you enable the public vulnerability disclosure portal in Security Operations of the ISMS Assistant, on the Setup tab. There you switch the portal on, optionally expose your software products for selection, and copy the reporting link. External security researchers open this address without signing in and submit vulnerabilities, which then appear in your Vulnerabilities.

Enable the portal in Setup

Open Security Operations

Open the ISMS Assistant and switch to Security Operations. Select the Setup tab at the top. This tab groups escalation, notifications, and the vulnerability disclosure policy.

The “Setup” tab in Security Operations, with the sections for notifications, incident management, and the vulnerability disclosure portal.

Expand the Vulnerability Disclosure Portal section

Expand the Vulnerability Disclosure Portal section. Here you control the public portal through which external security researchers can report vulnerabilities in your products.

Enable the portal

Switch Enable Portal on. As soon as the switch is active, Cenedril reveals the Portal URL. A message confirms that the portal has been enabled.

The “Enable Portal” switch and the Portal URL revealed below it.

Expose software products

In the Own software products area, turn on the switch for each product that should appear for selection in the public portal. Reporters can then state which product is affected. Use Add new product to enter a further product and pick the type Software product or Mobile app.

Copy and share the Portal URL

Copy the Portal URL with the button next to the address field. Hand this address to security researchers or link it from your website. The public address has the form /vd/ followed by a unique key and is reachable without signing in.

Track incoming reports

At the public address, security researchers see your logo and the Report a vulnerability form, with fields for the affected product, title, description, and an optional email address. After submitting, the report appears as a vulnerability in your Security Operations.

The public reporting form with product selection, title, description, and an optional email address.

Every submitted report lands in Security Operations under Vulnerabilities. There you triage the finding, assign a responsible person, and track it through to remediation.

Result: the portal is active, the Portal URL is shared, and exposed products are available to reporters for selection. Incoming vulnerabilities appear in Security Operations and can be handled there.

Frequently asked questions

Do reporters need a Cenedril account?

No. The portal is reachable at the public address /vd/<key> without signing in. Security researchers open the link, optionally pick the affected product, describe the vulnerability, and submit the report. They can volunteer an email address to receive a confirmation and a notification once the vulnerability is fixed.

Where do incoming reports go?

Every vulnerability submitted through the portal appears in Security Operations under Vulnerabilities, where you triage it together with your other findings, assign a responsible person, and track it through to remediation.

Which products appear in the portal?

The public portal offers your own software products and mobile apps whose switch is on in Setup. Reporters can then state which product is affected. Without exposed products the report stays generic.

How do I share the portal?

Once the portal is active, Setup shows the Portal URL with a copy button. Hand this address to security researchers or link it from your website, for example via a security.txt file.

Can I switch the portal off again?

Yes. Turn the Enable Portal switch off again in Setup. The public address then shows the notice that the portal is currently not active and accepts no further reports.