Disclose.io: Security Research Safe Harbor

disclose.io is a cross-industry, vendor-agnostic standardization project for safe harbor^† best practices to enable good-faith security research.

† a provision which specifies that certain conduct will not violate a rule, given good faith

Free Tools for Programs and Researchers Join the Community

Read the Security Community Response to Voatz's Supreme Court Amicus Brief

GitHub organization

Our goals

Legal completeness

Be useful to researchers whilst keeping legal teams happy. 😇
Set the safe harbor standard for researchers, vendors & program owners

Define expectations — scope, communication lines, disclosure policy, etc, …
Accessible & understandable

Be easily understandable by as many people as possible.