@disclose.io
📤 12
📥 2
📝 25
Microsoft's MSRC just invoked the Digital Crimes Unit against the researcher behind six Windows zero-days, and the pioneers of coordinated disclosure are publicly disputing the framework Microsoft is invoking. Policy Pulse Issue 17:
blog.disclose.io/policy-pulse...
https://blog.disclose.io/policy-pulse-issue-17-week-of-may-30-2026/
1 day ago
Peter G. Neumann, 1932-2026. Forty-one years moderating the ACM RISKS Forum. Five decades arguing that secure systems need hardware foundations and formal methods. The conscience of computer security. This week's Policy Pulse leads with his tribute.
blog.disclose.io/policy-pulse...
https://blog.disclose.io/policy-pulse-issue-16-week-of-may-23-2026/
9 days ago
Hackers on the Hill — June 16, US Capitol. Researchers and Hill staff, same room. Real 1:1 office briefings. No vendors. No shilling. If you build or break for a living and want policy to reflect that — show up.
hackersonthehill.org/us-2026
#infosec
#cyberpolicy
https://hackersonthehill.org/us-2026
17 days ago
Policy Pulse Issue #14: UK and Ireland line up behind Project Glasswing as Mythos forces a new disclosure reality. CyberUp ranks the UK behind US, France, and Australia on researcher protections.
https://blog.disclose.io/policy-pulse-issue-14-week-of-may-9-2026/
23 days ago
Policy Pulse #9: OWASP's Agentic AI Top 10 redefines what VDP programs need to handle. Plus: OpenAI safety bounty, Langflow exploited in 20hrs, GSA's first AI acquisition clause.
https://blog.disclose.io/policy-pulse-issue-9-week-of-april-6-2026/
about 2 months ago
The CVE program is "saved" by a mystery contract with a mystery number. Transparency? Not so much. Plus: lookup.disclose.io beta is live, EU CRA hits 6 months, exploited vulns up 105%. Policy Pulse #8:
https://blog.disclose.io/policy-pulse-issue-8-week-of-march-29-2026/
#CVE
#PolicyPulse
2 months ago
Policy Pulse Issue #7 is out. This week: NIST SSDF 1.2 deadline March 31, CIRCIA stalled by DHS shutdown, a CVE weaponized in 20 hours, NIST AI agent identity paper, and SRLDF board expansion.
https://blog.disclose.io/policy-pulse-issue-7-week-of-march-22-2026/
Policy Pulse - Issue #7 | Week of March 22, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research.
2 months ago
Joining the Security Research Legal Defense Fund Board
Casey Ellis and Jen Ellis join the SRLDF board to strengthen legal defense for good-faith security researchers. Here's what it means and how you can help.
https://m.disclose.io/4stjKgG
2 months ago
Australia mandates VDPs for ALL smart devices — March 4. Every IoT manufacturer must accept vuln reports with 48hr SLAs. No safe harbor for researchers though. Policy Pulse #4:
https://blog.disclose.io/policy-pulse-issue-4-week-of-february-22-2026/
Policy Pulse - Issue #4 | Week of February 22, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research. This week: Australia mandates VDPs for all smart devices, MITRE CVE contract enters final countdown, and a researcher who found children's data exposed gets threatened with prosecution.
3 months ago
Policy Pulse #3 is out. CISA BOD 26-02 targets unsupported edge devices, MITRE CVE contract 30 days from the cliff, UK statutory defence for researchers advancing, plus new data on threats facing researchers.
https://blog.disclose.io/policy-pulse-issue-3-week-of-february-15-2026/
Policy Pulse - Issue #3 | Week of February 15, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research. This week: CISA BOD 26-02 targets unsupported edge devices, MITRE CVE contract hits 30-day countdown, and UK CMA statutory defence takes shape.
4 months ago
Wrote about this week in VDP policy—the federal contractor mandate moving through Congress could reshape the ecosystem. If you follow government supply chain policy or AI governance:
https://blog.disclose.io/policy-pulse-issue-2-week-of-february-8-2026/
Policy Pulse - Issue #2 | Week of February 8, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research.
4 months ago
Bose open-sources its SoundTouch home theater smart speakers ahead of end-of-life
arstechnica.com/gadgets/2026...
If companies insist on bricking gadgets, this is a better way to do it.
https://arstechnica.com/gadgets/2026/01/bose-open-sources-its-soundtouch-home-theater-smart-speakers-ahead-of-eol/
5 months ago
Platforms.disclose.io just added 25 NEW bug bounty and VDP platforms! - @disclose_io Community Forum
m.disclose.io/4p3Zu3p
Open-Sourced Collection of Bug Bounty Platforms
Open-Sourced Collection of Bug Bounty Platforms Part of The @disclose_io Project.
https://Platforms.disclose.io
5 months ago
m.disclose.io/2WIvxxz just added 25 NEW bug bounty and VDP platforms! - @disclose_io Community Forum
Platforms.disclose.io just added 25 NEW bug bounty and VDP platforms!
Help Us Map the Global Bug Bounty Ecosystem TL;DR: platforms.disclose.io is our community-maintained directory of 80+ bug bounty and VDP platforms worldwide. We just added 25 new platforms, and we…
https://m.disclose.io/4p3Zu3p
6 months ago
Hey! We just updated platforms.disclose.io with 25+ new bug bounty & VDP platforms! 🎯 • Web3: @Cantinaxyz @CodeHawks @CertiK @xyz_remedy • Russia: @standoff365 @bizone • Asia: @IssueHunt (Japan), @patchday_io (Korea), Butian (China) Check out the full list: platforms.disclose.io
#BugBounty
#VDP
Open-Sourced Collection of Bug Bounty Platforms
Open-Sourced Collection of Bug Bounty Platforms Part of The @disclose_io Project.
https://platforms.disclose.io/
6 months ago
Need Help – Company Shut Down Bug Bounty Program After Fixing My 10 Reported Bugs Without Reward - Hacker Connect - @disclose_io Community Forum
Need Help – Company Shut Down Bug Bounty Program After Fixing My 10 Reported Bugs Without Reward
I reported 10 valid bugs including SQL Injection and account takeover to a company running a public bug bounty program. Initially, they acknowledged the reports and later fixed all the issues. But…
https://m.disclose.io/48AAAm2
6 months ago
Possibly uncovering a domain spoofing scheme targeting major real estate brands — looking for guidance - Hacker Connect - @disclose_io Community Forum
m.disclose.io/3XXk7Cc
Possibly uncovering a domain spoofing scheme targeting major real estate brands — looking for guidance
Hi all, I’ve come across what might be a coordinated domain spoofing or redirect scheme affecting multiple large companies in the real estate and homebuilding industry — including portals,…
https://community.disclose.io/t/possibly-uncovering-a-domain-spoofing-scheme-targeting-major-real-estate-brands-looking-for-guidance/924
6 months ago
Risky Bulletin: Russian bill would require researchers to report bugs to the FSB 👀
m.disclose.io/4oTTbz1
Risky Bulletin: Russian bill would require researchers to report bugs to the FSB - Risky Business Media
Russian lawmakers are working on a new bill that would require security researchers, security firms, and other white-hat hackers to report [Read More]
https://m.disclose.io/4oTTbz1
7 months ago
Ugh… It’s 2025 and vendors still don’t understand the Streisand-effect. cc: @disclose_io (threats.disclose.io) YouTuber with nearly 4M subscribers sued by lock company after he breaks into lock with just a can
www.uniladtech.com/social-media...
YouTuber with nearly 4M subscribers sued by lock company after he breaks into lock with just a can
YouTuber Trevor McNally was sued by a lock company after he broke into one of their products using just a can, all for entertainment on his channel.
https://www.uniladtech.com/social-media/youtube/youtuber-trevor-mcnally-sued-lock-company-using-can-920271-20251028
7 months ago
Research on legal risk experiences — seeking interviewees - Hacker Connect - @disclose_io Community Forum
m.disclose.io/4lkPpgy
Research on legal risk experiences — seeking interviewees
We’re doing a research project to document researchers’ lived experiences of legal risk under US and UK law. If you’ve experienced legal risks under US or UK law, and can spare an hour or two of your…
https://community.disclose.io/t/research-on-legal-risk-experiences-seeking-interviewees/916
11 months ago
The disclose.io Community Forum is Back—Here’s How to Dive In
substack.com/home/post/p-...
The disclose.io Community Forum is Back—Here’s How to Dive In
Rumors of its death were greatly exaggerated...
http://disclose.io
about 1 year ago
👀 👀 👀 Published yesterday, ENISA’s latest guidelines outline best practices for vulnerability management and disclosure in IT products under the EU Common Criteria (EUCC).
https://m.disclose.io/3D1hJns
over 1 year ago
Policymaker: The free, open-source vulnerability disclosure program (VDP) policy, security.txt, and DNS Security TXT generator - Part of the @disclose_io Project.
Policymaker: Open-source vulnerability disclosure program policy, security.txt, and DNS Security TXT generator - Part of the @disclose_io Project.
Disclose.io policymaker
https://buff.ly/3O7miP1
over 1 year ago
dnssecuritytxt - A standard allowing organizations to nominate security contact points and policies via DNS TXT records - Part of the @disclose_io Project
dnssecuritytxt
A standard allowing organizations to nominate security contact points and policies via DNS TXT records.
https://buff.ly/3KPIVFJ
over 1 year ago
threats.disclose.io: An ongoing collection of legal threats made against Security Researchers: over-reactions, demands, and cease & desist letters against good faith research - A part of the @disclose_io Project
https://m.disclose.io/3bfIfLT
Research Threats: Legal Threats Against Security Researchers
Collection of legal threats against good faith Security Researchers; vulnerability disclosure gone wrong. A continuation of work started by @attritionorg Part of The @disclose_io Project.
https://threats.disclose.io
over 1 year ago