v0.1 — coordinated disclosure
Find bugs. Get paid.
Within scope. With authorization.
Companies publish programs with explicit scope and written authorization. Researchers test what's allowed and report findings — all in one place.
Define scope
List in-scope domains, APIs, mobile apps, and explicit out-of-scope targets.
Grant authorization
Publish written safe-harbor terms so testing stays legal and bounded.
Receive reports
Researchers submit findings against your program — coming soon.