disclose.io is a collaborative and vendor-agnostic project to standardize best practices around safe harbour for good-faith security research.
The project expands on the work done by Bugcrowd and CipherLaw’s Open Source Vulnerability Disclosure Framework, Amit Elazari’s #legalbugbounty, and Dropbox’s call to protect security researchers.
Our framework is designed to balance:
Organizations displaying the disclose.io logo are committing to a set of core terms focused on creating safe harbor for good-faith security research.
In order to uphold this commitment, such organizations are required to provide: