disclose.io is a collaborative and vendor-agnostic project to standardize best practices around safe harbor for good-faith security research. The work of this project is inspired by the Open Source Vulnerability Disclosure Framework and Dropbox’s call to better protect security researchers.
From the project’s GitHub repo:
Security is core to our values, and we value the input of hackers acting in good faith to help us maintain a high standard for the security and privacy for our users. This includes encouraging responsible vulnerability research and disclosure. This policy sets out our definition of good faith in the context of finding and reporting vulnerabilities, as well as what you can expect from us in return.
The design philosophy of this project seeks to combine legal completeness, safe harbor for security researchers, safe harbor for program owners, and readability.