VDP Programs
Search vulnerability disclosure and bug bounty programs in our database.
| Organization | Policy | Contact | Maturity
disclose.io Maturity Levels
security.txtIntake method exists
BasicPublic policy + channel
PartialWon't pursue legal action
FullExplicitly authorises testing + law exemptions
Full+CVDFull + proactive disclosure timeline
Findable → Communicating → Not hostile → Explicitly safe → Accountable
Note: This assessment is not legal advice.
|
Score |
|---|---|---|---|---|
| Sema4.ai | security@sema4.ai | Full | 90.0 / 120 | |
| Selma | security@selma.com | Full | 88.3 / 120 | |
| Security.q2 | iSOC@q2.com | Full+CVD | 113.3 / 120 | |
| Security | https://hackerone.com/security | Full | 93.3 / 120 | |
| Securepoint | security@securepoint.de | Full | 90.0 / 120 | |
| Sectricity | info@sectricity.com | Full | 90.0 / 120 | |
| SecDim | security@secdim.com | Full | 93.3 / 120 | |
| Seantis | security@seantis.ch | Full+CVD | 115.0 / 120 | |
| Scot.nhs | https://www.scot.nhs.uk/vulnerability-disclosur... | Full | 95.0 / 120 | |
| ScootKit | security@scootkit.com | Full+CVD | 113.3 / 120 | |
| Schneider Electric | cpcert@se.com | Full | 93.3 / 120 | |
| S-BB | informatiebeveiliging@s-bb.nl | Full | 91.7 / 120 | |
| SBAB | sirt@sbab.se | Full | 93.3 / 120 | |
| sayanchor | security@sayanchor.com | Full | 91.7 / 120 | |
| Savvy.codes | security@savvy.codes | Full | 91.7 / 120 | |
| Salv | security@salv.com | Full | 93.3 / 120 | |
| Safe-Connect | infosec@catsanddogs.com | Full | 95.0 / 120 | |
| s4p-iapps | security@s4p-iapps.com | Full | 93.3 / 120 | |
| RTC North Limited | enquiries[at]rtcnorth.co.uk | Full | 93.3 / 120 | |
| RTBF | devops.web[at]rtbf[.]be | Full+CVD | 113.3 / 120 | |
| roguecu | rcusecurity@roguecu.org | Full | 93.3 / 120 | |
| ROC Midden Nederland | safe@rocmn.nl | Full | 93.3 / 120 | |
| Robinhood | https://hackerone.com/robinhood | Full | 95.0 / 120 | |
| RNIDS | security@rnids.rs | Full | 91.7 / 120 | |
| Rix | security@rix.fr | Full+CVD | 115.0 / 120 |
