• To encourage adoption of Safe Harbors in Bug Bounties/VDP I list programs that adopt language that follows DOJ guidelines on legal safe harbors for security research and also address the DMCA (for further information see my Enigma talk and below). Please note that this is *not legal advice*, the policy might (and often changes) and you must read it and consult your own lawyer. 


    Coin by @koyn

    1. Dropbox 

    2. DJI*

    3. Ed

    4. LegalRobot

    5. Keeper*

    6. HackerOne 

    7. Upserve

    8. Zomato

    9. RightMesh

    10. Bugcrowd


    *The company had (according to reports) a legal encounter with a researcher or a reporter