To encourage adoption of Safe Harbors in Bug Bounties/VDP I list programs that adopt language that follows DOJ guidelines on legal safe harbors for security research and also address the DMCA (for further information see my Enigma talk and below). Please note that this is *not legal advice*, the policy might (and often changes) and you must read it and consult your own lawyer. 


Coin by @koyn


IMPORTANT NOTE: With the publication of the Disclose.io safe harbor directory on Bugcrowd I retired this list and stopped updating it on 2018:  visit Disclose.io safe harbor directory on Bugcrowd and filter by "safe harbor" for disclose.io updated list. Please note that this is *not legal advice*, the policy might (and often changes) and you must read it and consult your own lawyer. 

image35

1. Dropbox 

2. DJI*

3. Ed

4. LegalRobot

5. Keeper*

6. HackerOne 

7. Upserve

8. Zomato

9. RightMesh

10. Bugcrowd

11. Block.one

12. liberapay

13. Tezos

14. Augur 

15. Tron 

16. OS.University

17. ChainRift

18. tendermint

19. Telenet

20. Shopify 

21. Mozilla 

22. Tesla 

23. 18F

24. Voatz

25. Riot 

26. Twilio


*The company had (according to reports) a legal encounter with a researcher or a reporter 

IMPORTANT NOTE: With the publication of the Disclose.io safe harbor directory on Bugcrowd I retired this list and stopped updating it on 2018:  visit Disclose.io safe harbor directory on Bugcrowd and filter by "safe harbor"