PSIRT Response

The first 72 hours of a vulnerability report — without inventing the playbook in real time.

A free 17-question readiness self-assessment, built for startups, founder-CISOs, and small product teams. With it comes a working toolkit: runbooks, communication templates, regulatory decision trees, and worked sample incidents. (PSIRT stands for Product Security Incident Response Team.) The assessment runs in your browser. Your answers never leave your device.

Pick a tier

Three tiers — one for individuals, one for small product teams, one for enterprise PSIRT functions.

Solo
$49 one-time
For individual practitioners, founder-CISOs, and open-source maintainers.
  • 17-question assessment with expert annotations on every question
  • Solo Practitioner Toolkit (10 reference PDFs)
  • PSIRT Five Commandments poster
  • Startup First-Report sample incident
  • Customer Trust Page templates
Buy Solo — $49
Enterprise
$299 one-time
For enterprise PSIRT teams and consultants running client engagements.
  • Everything in SMB
  • Role-based assessment views for analysts, leads, engineering, legal, and executives
  • Tabletop scenario generator and sector overlays
  • Multi-country regulatory reference, plus a cyber-insurance and liability playbook
  • Forensics and evidence preservation; bug-bounty operations manual
  • PSIRT for AI systems, plus AI-assisted PSIRT operations
  • Excel calculators for incident cost, review trends, and readiness tracking
  • Quarterly board-briefing slide deck
  • Single-organisation licence. A consultant licence is available on request.
Buy Enterprise — $299
How it works

Two paths into the toolkit.

1. Take the free assessment

17 questions across Governance, Technical, and Communication readiness. About five minutes. Returns a scored snapshot of how prepared you are to receive and handle a vulnerability report, before one arrives. Runs in your browser — no email required, no data transmitted.

Take the free assessment →

2. Download the free Vulnerability Disclosure Policy template

A working policy you can customise and publish on your security page, including safe-harbor language, scope, and a stated response Service-Level Agreement. Have it reviewed by qualified legal counsel before you publish.

Get the free VDP template →

Built by practitioners; respects yours.

The free PSIRT self-assessment scores you in the browser. We do not collect your answers, your score, or your priority-gap list. We collect your email address only if you choose to enter it for the Vulnerability Disclosure Policy template. Nothing else.

Our website uses Cloudflare's server-side traffic analytics for aggregate page counts — no JavaScript injection, no cookies, no identifiable data.