Framework — Terms
Canonical public-domain vulnerability disclosure policy boilerplate: VDP, BBP, and safe harbor.
Legal policy boilerplate — suitable for direct adoption by any organisation running a vulnerability disclosure program or bug bounty program.
Placeholders like [Organization Name] appear styled inline. Fill these in manually, or generate a personalised copy via policymaker.disclose.io.
Vulnerability Disclosure Policy
Canonical VDP boilerplate with safe harbor, from the disclose.io framework.
VDP with Coordinated Disclosure Window
Canonical VDP with an explicit coordinated-disclosure timeline.
Safe Harbor
Standalone full safe-harbor clause for attaching to an existing policy.
Simple Safe Harbor
Condensed safe harbor clause for quick adoption.
Bug Bounty Program Policy
Canonical BBP boilerplate with rewards structure and safe harbor.