Welcome to the Open Source Responsible Disclosure Framework
This Framework is maintained by Bugcrowd and CipherLaw. It is designed to quickly and smoothly prepare your organization to work with the independent security researcher community while reducing the legal risks to researchers and companies. The policy itself has been written with both simplicity and legal completeness in mind.
- Setting up a Responsible Disclosure Program - A step by step best practices guide on how to setup your program.
- Responsible Disclosure Policy - A boilerplate disclosure policy.
Bugcrowd lets companies run responsible disclosure programs using our Crowdcontrol platform for free. Crowdcontrol securely manages the vulnerability submission process, all communications with the researcher, and provides an automated Hall of Fame for you to credit those who've helped you. Learn more at https://bugcrowd.com/products/responsible-disclosure
Open Source Responsible Disclosure Framework by Bugcrowd is licensed under a Creative Commons Attribution 4.0 International License.