Our Vision: A healthy and ubiquitous Internet Immune System
Our Mission: To drive vulnerability disclosure adoption through safety, simplicity, and standardization.
disclose.io is a collaborative and vendor-agnostic movement that engages security researchers, corporate and independent legal experts, and industry leaders from all around the world.
The disclose.io Project exists to drive the accelerated adoption of vulnerability disclosure best practices including bi-lateral safe harbor, readability for non-legal and non-native language audiences, and a recognizable mark of solidarity with the disclose.io movement.
- The Terms - A collection of boilerplate vulnerability disclosure policy templates for various geographic juridictions and industry verticals, including high-level generic and simplified term boilerplates.
- The List - A community-powered list of every known VDP and public bug bounty program, along with it's safe harbor status.
- The Seal - A recognizable mark to indicate safety for hackers and adoption of best practice to customers.
- Tools and Data - Useful data and tools for researchers, program owners, and legal teams.
(Note: While this project engages the legal opinion of many, it does not constitute legal advice. Please consult your legal counsel for the specific suitability of the disclose.io terms in your organization.)
- Choose the legal terms that best fit your vulnerabilty disclosure or bug bounty progam.
- Add the appropriate disclose.io seal to your public program brief.
- Submit a pull request to add your program to the open-source disclose.io program list.
- Let the world know you're joining the movement! Here are some examples of others who have.
- Contribute back! We're looking for lawyers, hackers, and experts to collaborate. Check our issues log.
For a more complete overview of disclose.io, a presentation from GRIMMCon is available here, and a video walkthrough of the project is available here.