
disclose.io
The infrastructure that powers vulnerability disclosure and security reporting. Safe, simple, and standardized for everyone.
Open source · vendor-neutral · home of the safe-harbor scoreboard.
Let's get started...
I want to accept security reports
Launch a VDP that researchers trust. Policymaker generates everything you need: safe harbor language, security.txt, and disclose.io-compliant policies.
I found a vulnerability
Look up who to report to. Lookup resolves any asset to its security contact, disclosure program, and safe harbor status, and helps you navigate the process.
I'm researching a program
Browse the open directory of every known vulnerability disclosure and bug bounty program, with scope, policy URLs, and safe-harbor language.
I want to protect researchers
Access model policies, legal frameworks, and safe harbor guidance. Help advance the legal protections security researchers need.
Frequently asked questions
Got a quick question? Let's get you a quick answer
Partners and friends
Organizations that share our mission, and ways to engage with them

A 501(c)(3) nonprofit that helps fund legal representation for security researchers who face legal threats as a result of good-faith security research.
If you (or someone you know) is facing legal action for good-faith research, you can apply for a defense grant.
If you want to help keep the chilling effect in check, you can donate to the fund. Donations are tax-deductible.

A community and pipeline that helps unconventional thinkers (gamers, CTF players, and bug bounty hunters) turn their talents into legitimate cybersecurity careers.
If you've got the hacker mindset and are looking for a way in, join their Discord community.
If your organization wants to hire outside the traditional pipeline, work with them as a partner to connect with their talent pool.
An I Am The Cavalry initiative that brings security researchers face-to-face with policymakers. Founded in 2017 and now global.
Events run across the US and Europe throughout the year.
If you're a researcher who wants policymakers to hear from you directly, join the mailing list to get notified about upcoming events.
Why does disclose.io exist?
A couple of talks to get you started...
An intro to disclose.io and hacker safety
caseyjohnellis at HackerCon 2021
Hacking the Law - Are Bug Bounties a True Safe Harbor?
Amit Elazari at BSidesSF 2018
Hacking Policy and Policy Hacking
Amit Elazari at BSidesSF 2023
Leonard Bailey + Casey Ellis + Marten Mickos
Cybertalks 2017
Internet superheroes
Some of the legends working on disclose.io who eat, sleep, and breathe making the Internet safer.
Stay in the loop
Weekly cybersecurity-policy news in Policy Pulse, plus disclose.io community updates and safe-harbor developments.
Subscribe to the newsletterDidn't find what you were looking for?
We're always happy to help answer your questions about vulnerability disclosure.


























