A brief history of vulnerability disclosure

It’s easy to look at the steadily improving relationship between hackers and companies and presume that it has always been this way, but that is far from the truth.

This timeline captures some of the major events in the standardization of vulnerability reporting and disclosure, as well as the origins of The disclose.io Project.

Got a suggestion for this timeline? Send a pull request!

Oct 10, 1995

Netscape

• The first technology "bugs bounty" is launched by Netscape

Sep 28, 2001

RFPolicy

• Version 1 of the Rain Forest Puppy disclosure policy template is released

Feb, 2012

ISO 24197/30111

• ISO 24197/30111 released for paying customers

Jul 24, 2014

OSVDF

• Bugcrowd and Cipherlaw collaborate to release the Open Source Vulnerability Disclosure Framework

Apr 18, 2016

Free ISO 24197

• ISO 24197 made free to download

2018

#legalbugbounty

• Amit Elezari hits the cybersecurity talk circuit talking about legal "safe harbor" for hackers

Aug 3, 2018

Disclose.io launch

• #legalbugbounty and OSVDF combine and create The disclose.io Project
• Crunchbase listing
• Wiktia entry