Code Monkey home page Code Monkey logo

policymaker's Introduction

The disclose.io Database (diodb)

A true, community-powered, vendor agnostic directory of all known VDP and BBPs, contact details, policy location, preferred languages, and the status of:

  • Safeharbor
  • Availability rewards, hall of fame, swag
  • Disclosure policy

Disclose.io Vulnerability, VDP, and Bug Bounty Program Database

Quick links

Purpose Link
Search through the database front-end https://disclose.io/programs
Download the raw database in .json format https://github.com/disclose/diodb/raw/master/program-list.json
Generate your own Vulnerability Disclosure Program https://policymaker.disclose.io/
Join disclose.io Community Forum https://community.disclose.io
Learn more about Vulnerability Disclosure Programs (VDP) https://github.com/disclose/dioterms

Why does diodb exist?

diodb exists to drive the adoption of Safe Harbor for hackers and promote the cybersecurity posture of early adopters, simplify the process of finding the right contacts and channel at an organization, and help both finders and vendors align around the expectations of engagement. It also provides a simple, vendor-agnostic point of engagement for program operators, potential program operators, and the security community to maintain updates to their program.

How to Contribute

Contributions are very welcome! You may add a new program or update an existing one by either opening an issue or a pull request.

Open an Issue

or

Follow the contribution guidelines to prepare and open a Pull Request

License

Creative Commons License
disclose by disclose.io is licensed under a Creative Commons Attribution 4.0 International License.

policymaker's People

Contributors

caseyjohnellis avatar haxormad avatar jmanoto avatar xelkomy avatar yesnet0 avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

yesnet0 haxormad xelkomy parasu1986 5a1f yosignals fulan0dental aleph-works cybersecurity-labs ethicalsecurity-agency

policymaker's Issues

Third Party Safe Harbor

Something like the following would be appreciated if we could include it:

Third Party Safe Harbor

If you submit a report in accordance with this Policy which affects a third party service we may be required or have an obligation to share certain information with the affected third party. For example, we may share non-identifying content from your report with an affected third party. Except as required by law, we will not share your identifying information with any affected third party without first notifying you.

Please note that we cannot authorize out-of-scope testing in the name of third parties, and such testing is beyond the scope of our Policy. Please contact any third party either directly or through a legal representative, or refer to such third party’s vulnerability disclosure Policy before initiating any testing on that third party or their services. This is not, and should not be understood as, any agreement on our part to defend, indemnify, or otherwise protect you from any third party action based on your actions.

That said, if legal action is initiated by a third party, including law enforcement, against you because of your participation in research under this policy, and you have sufficiently compiled this policy (i.e. have not made intentional or bad faith violations), we will take steps to make it known that your actions were conducted in compliance with this policy. While we consider submitted reports both confidential and potentially privileged documents, and protected from compelled disclosure in most circumstances, please be aware that a court could, despite our objections, order us to share information with a third party.

Of the above, I think the following line is the most important:

Except as required by law, we will not share your identifying information with any affected third party without first notifying you.

This is pulled from the policies from both Microsoft and Gradle:

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.