Welcome to the Open Source Vulnerability Disclosure Framework
Update (4/27/18) - This repo will be deprecated and the project moved and merged with https://github.com/disclose/dioterms over the next few weeks
Update (10/27/19) - This repo, along with the master JSON for The List, has been moved to https://github.com/disclose/disclose
This Framework is maintained by Bugcrowd and CipherLaw. It is designed to quickly and smoothly prepare your organization to work with the independent security researcher community while reducing the legal risks to researchers and companies. The policy itself has been written with both simplicity and legal completeness in mind.
- Setting up a Vulnerability Disclosure Program - A step by step best practices guide on how to setup your program.
- Vulnerability Disclosure Policy - A boilerplate vulnerability disclosure policy.
=============================
License
Open Source Responsible Disclosure Framework by Bugcrowd is licensed under a Creative Commons Attribution 4.0 International License.