Let’s send best practice viral!
Disclose.io Status provides recognition to early adopters of vulnerability disclosure programs, and a clear path towards best practices for those wanting to become more advanced.
| Requirement | security.txt | Basic | Partial | Full | Full with CVD |
|---|---|---|---|---|---|
| security.txt or dnssecuritytxt | Yes | Optional | Optional | Optional | Optional |
| Public and proactive CVD timeline | No | No | No | No | Yes |
In combination with the Disclose.io Seal, diostatus clearly communicates:
- The availability of a vulnerability disclosure program (VDP) or bug bounty program (BBP);
- The degree of legal safety a finder can expect;
- The types of security research activities that are blessed by the organization; and
- The maturity of an organization’s vulnerability intake program and, by extension, its overall cybersecurity program.
Leveraging network effects to promote best practice is a core design goal of the disclose.io Project. Diostatus and dioseal together create a “race to the top” by making adoption of best practice rewarding, desirable, and viral.
How is it managed?
diodb is the system of record for diostatus. diodb’s open-source and transparent nature provides full insight into changes, additions, and even downgrades of a diostatus.
Each status level has a corresponding dioseal, which organizations can display on their security page, policy page, shopping cart checkout, or elsewhere on a website.