• To encourage adoption of Safe Harbors in Bug Bounties/VDP I list programs that adopt language that follows DOJ guidelines on legal safe harbors for security research and also address the DMCA (for further information see my Enigma talk and below). Please note that this is *not legal advice*, the policy might (and often changes) and you must read it and consult your own lawyer. 


    Coin by @koyn

    1. Dropbox 

    2. DJI*

    3. Ed

    4. LegalRobot

    5. Keeper*

    6. HackerOne 

    7. Upserve

    8. Zomato

    9. RightMesh

    10. Bugcrowd

    11. Block.one

    12. liberapay

    13. Tezos

    14. Augur 

    15. Tron 

    16. OS.University

    17. ChainRift

    18. tendermint

    19. Telenet

    20. Shopify 

    21. Mozilla 

    22. Tesla 


    *The company had (according to reports) a legal encounter with a researcher or a reporter