
The Disclose.io Project Directory - All active and proposed disclose.io projects and services.

Core Projects

  • Policymaker - Template-based generator for VDP policy, safe harbor clauses, security.txt, and DNS Security TXT.


  • dioterms - Open-source vulnerability disclosure policy templates.
  • Disclose.io Database - Open-source vulnerability disclosure and bug bounty program database.
  • dioseal - The Disclose.io Status best practice seal.

Other Projects

  • The Disclose.io Community - Crowdsourcing the never-ending task of connecting security researchers and vulnerability finders with security teams.
  • dnssecuritytxt - A standard allowing organizations to nominate security contact points and policies via DNS TXT records.
    • Note: DNS Security TXT is currently in draft. We're actively soliciting feedback via Github Issues.
  • Research Threats - Collection of legal threats against good faith Security Researchers; vulnerability disclosure gone wrong. A continuation of work started by @attritionorg
  • Bug Bounty and VDP Platforms - A community-powered collection of all known bug bounty platforms, vulnerability disclosure platforms, and crowdsourced security platforms currently active on the Internet.
  • diodata - Tools, data, and contact lists relevant to The disclose.io Project.
  • diosts - A Go scraper that validates security.txt files and outputs them in the disclose.io JSON format.
  • data.disclose.io - Internet-wide survey of vulnerability disclosure and bug bounty program adoption.

Want to contribute?

We're always up for new ideas to take hacker/vendor relationships forward, and we're always looking for maintainers and contributors. Open a PR with a name and one-liner description of your new idea, or drop us a line at hello@disclose.io.