Skip to content

disclose/diodb

Repository files navigation

diodb · disclose.io

diodb

The community database of every VDP & bug-bounty program and its safe-harbor status — now served live at directory.disclose.io.

license live directory.disclose.io contributions welcome

Part of the disclose.io Project — the open, vendor-neutral infrastructure for vulnerability disclosure. Browse the ecosystem →


Note

diodb is the open dataset. directory.disclose.io is the live front-end.

The directory is the searchable, always-current place to look programs up. This repo is the open, version-controlled, CC0 dataset behind that story — and it remains open to contributions.

If you just want to find a program, use the directory. If you want to add or correct one in the open dataset, pull requests here are welcome — see How to Contribute.

About this dataset

Quick links

Purpose Link
Search through the database front-end https://disclose.io/programs
Download the raw database in .json format https://github.com/disclose/diodb/raw/master/program-list.json
Generate your own Vulnerability Disclosure Program https://policymaker.disclose.io/
Join disclose.io Community Forum https://community.disclose.io
Learn more about Vulnerability Disclosure Programs (VDP) https://github.com/disclose/dioterms

Why does diodb exist?

diodb exists to drive the adoption of Safe Harbor for hackers and promote the cybersecurity posture of early adopters, simplify the process of finding the right contacts and channel at an organization, and help both finders and vendors align around the expectations of engagement. It also provides a simple, vendor-agnostic point of engagement for program operators, potential program operators, and the security community to maintain updates to their program.

How to Contribute

Pull requests are welcome. To add or update a program in the open dataset:

  1. Edit program-list.json.
  2. Format and sort the file — CI enforces this, and it is the single most common reason a PR goes red:
    jq --indent 3 -s '.[] | unique_by(.program_name)' < program-list.json > _ && mv _ program-list.json
  3. Open a PR. CI will validate the JSON, check for duplicates, and verify the links.

Full guidelines are in CONTRIBUTING.md.

Prefer not to use git? You can also:

License

Creative Commons License
disclose by disclose.io is licensed under a Creative Commons Attribution 4.0 International License.

Contributors