Solutions
- Initiatives
  - Business Initiatives
    What is your cybersecurity need?
  - Secure the Attack Surface
    Protect your evolving assets.
  - Secure Software Development
    Scale app security across the SDLC.
  - Digital Brand Trust
    Build your brand and protect your customers.
  - Ensure Compliance
    Meet compliance requirements and more.
  - Hidden Placeholder
    Hidden Placeholder
- Industries
Products
- Explore
  - Explore the Products
    Reshaping the way companies find and fix critical vulnerabilities before they can be exploited.
  - Security Assessments
    Test your organization's security preparedness with HackerOne Assessment.
    
    Pentest
    Establish a compliant vulnerability assessment process.
  - Response
    The first step in receiving and acting on vulnerabilities discovered by third-parties.
  - Bounty
    Continuous testing to secure applications that power organizations.
  - Clear + Gateway
    Highly vetted, specialized researchers with best-in-class VPN.
  - Services
    Enhance your hacker-powered security program with our Advisory and Triage Services.
Why HackerOne
- For Business
- For Hackers
Company
- About HackerOne
- In the News
  - Press
  - Press Archive
Resources
- Resources
- Events
  - Events
  - Security@ Conference
Contact Us

What is Responsible Disclosure?

Learn More

Responsible Disclosure Limits Risk

When a vulnerability is discovered, researchers are quick to look for ways to disclose it to your security team. But if an obvious reporting channel is unavailable, researchers are faced with the choice of either doing nothing or disclosing the vulnerability publicly—both of which are extremely undesirable.

Responsible Disclosure Quote by Megan Brown

Responsible Disclosure and the Vulnerability Lifecycle

Responsible disclosure makes it easy and safe for vulnerability reporting

A responsible disclosure policy provides researchers with a clear and easy path to alert your security team of a potential vulnerability. It defines what properties are in or out of bounds, what types of vulnerabilities should and shouldn’t be reported, and provides the disclosure method.

Responsible Disclosure is recommended and deployed by Government agencies globally

Because responsible disclosure policies are an easy way to discover unknown vulnerabilities, every organization should have one. The Department of Defense hosts their program on HackerOne. That’s why they’re recommended by the U.S Department of Justice, promoted by General Motors, and endorsed by everyone from the European Commission to the U.S Food & Drug Administration. And it’s why you need to have a responsible disclosure policy in place now. What’s your plan for responsible disclosure?