To encourage adoption of Safe Harbors in Bug Bounties/VDP I list programs that adopt language that follows DOJ guidelines on legal safe harbors for security research and also address the DMCA (for further information see my Enigma talk and below). Please note that this is *not legal advice*, the policy might (and often changes) and you must read it and consult your own lawyer. 

Coin by @koyn

1. Dropbox 

2. DJI*

3. Ed

4. LegalRobot

5. Keeper*

6. HackerOne 

7. Upserve

8. Zomato

9. RightMesh

10. Bugcrowd


12. liberapay

13. Tezos

14. Augur 

15. Tron 

16. OS.University

17. ChainRift

18. tendermint

19. Telenet

20. Shopify 

21. Mozilla 

22. Tesla 

23. 18F

24. Voatz

25. Riot 

26. Twilio

*The company had (according to reports) a legal encounter with a researcher or a reporter