The disclose.io project provides open-source tools and resources to standardize and simplify vulnerability disclosure. It aims to create a safer environment for both security researchers (hackers) and organizations by promoting clear guidelines and safe harbor practices.
Key features:
- VDP Policymaker: Generates customized vulnerability disclosure policies (VDPs) that comply with disclose.io standards, including safe harbor clauses and security.txt files.
- Program Search: A database of vulnerability disclosure and bug bounty programs, providing details on submission processes and safe harbor status.
- Community Support: Facilitates connections between security researchers and organizations, offering assistance in finding security contacts and collaborating on vulnerability research.
Use cases:
- Organizations: Implementing or improving VDPs to encourage responsible vulnerability reporting.
- Security Researchers: Finding and engaging with organizations that have clear and safe vulnerability disclosure programs.
- Legal Teams: Understanding and implementing safe harbor clauses to protect good-faith security research.