Let’s send best practice viral!
Disclose.io Status (diostatus) provides recognition to early adopters of vulnerability disclosure programs, and a clear path towards best practice for those wanting to become more advanced.
Requirement | security.txt | Basic | Partial | Full | Full with CVD |
---|---|---|---|---|---|
security.txt or dnssecuritytxt | Yes | Optional | Optional | Optional | Optional |
Written policy | No | Yes | Yes | Yes | Yes |
Good-faith statement | No | No | Yes | Yes | Yes |
Explicit authorization | No | No | No | Yes | Yes |
Public and proactive CVD timeline | No | No | No | No | Yes |
In combination with the Disclose.io Seal, diostatus clearly communicates:
- The availability of a vulnerability disclosure program (VDP) or bug bounty program (BBP);
- The degree of legal safety a finder can expect;
- The types of security research activities that the organization has authorized; and
- The maturity of an organization’s vulnerability intake program and, by extension, its overall cybersecurity program.
Leveraging network effects to promote best practice is a core design goal of the disclose.io Project. diostatus and dioseal together create a “race-to-the-top” by making adoption of best practice rewarding, desirable, and viral.
How is it managed?
diodb is the system of record for diostatus. diodb’s open-source and transparent nature provides full insight into changes, additions, and even downgrades of a diostatus.
Each status level has a corresponding dioseal, which organizations can display on their security page, policy page, shopping cart checkout, or elsewhere on a website.