Sign in Subscribe
1 min read

disclose.io - Driving safety, simplicity, and standardization in vulnerability disclosure.

disclose.io is a collaborative and vendor-agnostic project to standardize best practices around safe harbour for good-faith security research.

The project expands on the work done by Bugcrowd and CipherLaw’s Open Source Vulnerability Disclosure Framework, Amit Elazari’s #legalbugbounty, and Dropbox’s call to protect security researchers.

Our framework is designed to balance:

  • Legal completeness
  • Safe harbor for researchers
  • Safe harbor for program owners
  • Readability… For those without a legal background or who don’t speak English as their first language. In short, everyone.

Organizations displaying the disclose.io logo are committing to a set of core terms focused on creating safe harbor for good-faith security research.

In order to uphold this commitment, such organizations are required to provide:

  • Clear definitions regarding the permitted Scope.
  • One or more Official Communication Channels.
  • A formal Disclosure Policy.

Published by:

caseyjohnellis

You might also like...

Jun
13

Builders and Breakers: Partnering for Secure Elections

1 min read
Jun
13

Bugs on a Plane: Implementing a Bug Bounty in an Airline IT/OT Environment

1 min read
Sep
18

My office setup - Part 3 (US edition)

3 min read
Sep
17

DEF CON 31 Policy - All Your Vulns Are Belong to Terms and Conditions

34 min read
Aug
24

The RSnake Show!

2 min read