As a finder…
…who has discovered a security issue, I need help to understand where I should report my findings in a way that balances my own legal safety with my confidence in the issue actually being addressed.
…who is a part of the security community, I want to help my peers solve these problems in the same way I want them to be solve myself.
As a security researcher…
…who wants to conduct research, I need to know where I can apply my proactive security research skills without fear of legal recourse.
…who has discovered a security issue, I need help to understand where I should report the issue, and whether or not I can feel safe doing so.
…who is looking for organizations who value my skills and help, I want to be able to find them and be confident that what they tell me is an accurate reflection of their position as an organization.
How disclose.io can help
- Search for program contact details in the diodb open-source vulnerability disclosure directory.
- Check the organizations Disclose.io Status for a quick view of how receptive they are to vulnerability reports and security research.
- Take advantage of disclose.io tools like the diosts security.txt scanner in your workflow to build automation around security research and reporting.