Welcome to ZeroDisclo.com!
Coordinated Vulnerability Disclosure done right
Three significant barriers exist to a researcher's participation in a vulnerability disclosure process:
- Legal uncertainty: will I get sued if I report a vulnerability to an organisation?
- Lack of appropriate existing means for disclosing a vulnerability: this is what ZeroDisclo.com aims to address.
- Insufficient or excessively slow communication with the system manager or coordinator: with ZeroDisclo.com, a CERT is the recipient and undertakes to inform and, if necessary, further coordinate the vulnerability correction process.
It is thus essential the legal security necessary to security researchers involved in the discovery of vulnerabilities. As such, it is crucial to put appropriate disclosure processes in place through supplementary advice and better practices. A long-time partner of the security research community, YesWeHack addresses barriers to coordinated vulnerability disclosure through ZeroDisclo.com. This non-profit, non-partisan platform provides the technical means and environment for researchers to report securely and for organisations to receive in all confidentiality. Please read our FAQ for further details.
If you prefer to conceal technically revealing details about yourself,
use the Tor browser and the .onion.sh ZeroDisclo.com instance.