disclose.io - Driving safety, simplicity, and standardization in vulnerability disclosure. - 1 min
disclose.io is a collaborative and vendor-agnostic project to standardize best practices around safe harbour for good-faith security research.
The project expands on the work done by Bugcrowd and CipherLaw’s Open Source Vulnerability Disclosure Framework, Amit Elazari’s #legalbugbounty, and Dropbox’s call to protect security researchers.
Our framework is designed to balance:
- Legal completeness
- Safe harbor for researchers
- Safe harbor for program owners
- Readability… For those without a legal background or who don’t speak English as their first language. In short, everyone.
Organizations displaying the disclose.io logo are committing to a set of core terms focused on creating safe harbor for good-faith security research.
In order to uphold this commitment, such organizations are required to provide:
- Clear definitions regarding the permitted Scope.
- One or more Official Communication Channels.
- A formal Disclosure Policy.