A true, community-powered, vendor agnostic directory of all known VDP and BBPs, contact details, policy location, preferred languages, and the status of:
- Safeharbor
- Availability rewards, hall of fame, swag
- Disclosure policy
| Purpose | Link |
|---|---|
| Search through the database front-end | https://disclose.io/programs |
| Download the raw database in .json format | https://github.com/disclose/diodb/raw/master/program-list.json |
| Generate your own Vulnerability Disclosure Program | https://policymaker.disclose.io/ |
| Join disclose.io Community Forum | https://community.disclose.io |
| Learn more about Vulnerability Disclosure Programs (VDP) | https://github.com/disclose/dioterms |
diodb exists to drive the adoption of Safe Harbor for hackers and promote the cybersecurity posture of early adopters, simplify the process of finding the right contacts and channel at an organization, and help both finders and vendors align around the expectations of engagement. It also provides a simple, vendor-agnostic point of engagement for program operators, potential program operators, and the security community to maintain updates to their program.
Contributions are very welcome! You may add a new program or update an existing one by either opening an issue or a pull request.
or
Follow the contribution guidelines to prepare and open a Pull Request
disclose by disclose.io is licensed under a Creative Commons Attribution 4.0 International License.
