Disclose.io: Security Research Safe Harbor

disclose.io is a cross-industry, vendor-agnostic standardization project for safe harbor best practices to enable good-faith security research.

† Safe harbor: a provision which specifies that certain conduct will not violate a rule, given good faith.

Read the Security Community Response to Voatz's Supreme Court Amicus Brief

Our goals

  • Legal completeness

    Be useful to researchers whilst keeping legal teams happy. 😇

  • Set the safe harbor standard for researchers, vendors & program owners

    Define expectations: scope, communication lines, disclosure policy, etc.

  • Accessible & understandable

    Be easily understandable by as many people as possible.