To encourage adoption of Safe Harbors in Bug Bounties/VDP I list programs that adopt language that follows DOJ guidelines on legal safe harbors for security research and also address the DMCA (for further information see my Enigma talk and below). Please note that this is *not legal advice*, the policy might (and often changes) and you must read it and consult your own lawyer.
Coin by @koyn
IMPORTANT NOTE: With the publication of the Disclose.io safe harbor directory on Bugcrowd I retired this list and stopped updating it on 2018: visit Disclose.io safe harbor directory on Bugcrowd and filter by "safe harbor" for disclose.io updated list. Please note that this is *not legal advice*, the policy might (and often changes) and you must read it and consult your own lawyer.
