Follow @disclose is a collaborative and vendor-agnostic project to standardize best practices around safe harbor for good-faith security research.

Read the core terms

The project expands on the work done by Bugcrowd and CipherLaw’s Open Source Vulnerability Disclosure Framework, Amit Elazari’s #legalbugbounty, and Dropbox’s call to protect security researchers.

Our framework is designed to balance:

1For those without a legal background or who don’t speak English as their first language. In short, everyone.

Organizations displaying the logo are committing to a set of core terms focused on creating safe harbor for good-faith security research.

In order to uphold this commitment, such organizations are required to provide:

We’re looking for hackers, lawyers, and program owners to collaborate with.
Please submit any questions or comments by filing a new issue on GitHub.