The disclose.io Project

Time 2022-09-26 09:12:29

Web Name: The disclose.io Project

WebSite: http://www.disclose.io

ID:329838

Keywords:

disclose,The,Project,io

Description:

disclose.io

We're here to make vulnerability disclosure safe, simple, and standardized for everyone.

Let's get started...

Deploy a VDP using Policymaker

Generate a customized and disclose.io compliant VDP with our free template-based VDP policy, safe harbor clause, securitytxt, and DNS Security TXT generator.

Search for VDP and bug bounty programs

Search vulnerability disclosure and bug bounty programs in our database, get details on where to submit security findings, and understand their safe harbor status.

Get disclosure assistance

Get help finding security contacts from the disclose.io Community, and collaborate with like-minded folks working on making the Internet a safer place!

Internet superheroes

Some of the legends working on disclose.io who eat, sleep, and breathe making the Internet safer

caseyjohnellis

Founding Member

amitelazari

Founding Member

chloemessdaghi

Founding Member

jack

Contributor/Maintainer

harleygeiger

Contributor/Maintainer

esquiring

Contributor/Maintainer

beauwoods

Contributor/Maintainer

jmanoto

Contributor/Maintainer

andrewmohawk

Contributor/Maintainer

sickcodes

Contributor/Maintainer

dantrauner

Contributor

infosecjen

Contributor

jhaddix

Contributor

its-a-lisa

Contributor

max

Contributor

hakluke

Contributor

jonathan

Contributor

0ddinput

Contributor

Frequently asked questions

Got a quick question? Let's get you a quick answer

Who is disclose.io for?Hackers and Finders: You want to help, and you’re not sure that you’re welcome - We want to help you make safe decisions and connect you to the right people to take action on your inputLegal teams: Vulnerability reporting and research is tricky, and inviting the help of hackers is still legally novel territory - We want to make it simple for you to make consensus-backed recommendationsOrganizations: Vulnerabilities are inherent to innovation, but it still takes guts to say so - We want to help you say so loudly and proudlySecurity Researchers: You’ve been waiting for the red carpet - We’ll help you find itHow do I interact with or contribute to the disclose.io projects?

Glad you asked!

Start a vulnerability disclosure program (VDP), or upgrade your VDP or bug bounty program to include best practices like Safe Harbor and proactive disclosure timelinesJoin the community, contribute or assist with vulnerability research, and help finders connect with security teams to alert them of identified risksHelp us keep “The Big List” of known VDPs and bug bounty programs up-to-date by submitting a PR to the dioterms repoContribute to the dioterms open-source vulnerability disclosure policy by raising an issue on the repo… or add a language or regional legal translations by submitting a PRVolunteer as a core contributor/maintainer on one of our existing projectsRecommend a new project to support our mission the make vulnerability disclosure safe, simple, and standardized.I have an idea for a project, how to I get started?

Awesome! Get in touch via our contact form, we’ll add you to the disclose.io working group Slack, spin up a repo, and go from there!

Is disclose.io a 501.c3 (Not For Profit)?

disclose.io was formed as a merge of seperate standardization projects initiated by RainForest Puppy, Bugcrowd, Cipherlaw, Dropbox, Dr. Amit Elazari, UC Berkeley, the National Transport and Information Authority, the US Department of Justice, and others.

We’re currently in the process of incorporating and pursuing status as a 501.c3 Not For Profit.

What is Safe Harbor?

Most of the existing anti-hacking laws pre-date the notion of hacking for good or widespread knowledge of the “digital locksmiths” who are increasingly influencing modern-day digital safety.

These anti-hacking laws have been used by organizations to suppress good-faith security research in the pursuit of limiting negative publicity for the vendor, which nets out to a “chilling effect” on the input from the people the Internet needs to hear from most. If hackers are the Internet’s Immune System, then right now, even in 2021, the Internet still has an auto-immune problem.

“Safe Harbor” is the term used to describe clauses added to public policies which allow folks acting in good faith, as defined clearly and proactively by the recipient, to provide security feedback without fear of legal repercussions.

disclose.io intends to help define, spread, and reward the adoption of vulnerability disclosure programs with best practices like Safe Harbor.

Is this legal advice?

While we’ve engaged the legal opinion of many, this does not constitute legal advice. Please consult your legal counsel for the specific suitability of the disclose.io terms in your organization.

Why does The disclose.io Project exist?

A couple of talks to get you started...

An intro to disclose.io and hacker safety

caseyjohnellis at HackerCon 2021

Hacking the Law - Are Bug Bounties a True Safe Harbor?

Amit Elazari at BSidesSF 2018

Didn't find what you were looking for?

Contact Us

Introduction

What is disclose.ioVision and MissionDesign strategyKey objectivesdiostatus - The disclose.io best practice maturity model

Getting started

For finders and hackersFor organizations and legal teamsOpen-source contributors

Projects

Project directoryJoin a project

Resources

Community

The disclose.io DiscoursePress mentionsConference talks and videosAdvocacy and activismLegal disclaimerHomeDocsBlogHistoryProgram Search

TAGS:disclose The Project io

<<< Thank you for your visit >>>

Hot Websites