Safeguard
Tag

Responsible Disclosure

Safeguard articles tagged "Responsible Disclosure" — guides, analysis, and best practices for software supply chain and application security.

12 articles

Tutorials

How to Report a Security Vulnerability

You found a security bug — now what? This beginner guide walks through reporting a vulnerability responsibly, from finding the right contact to writing a clear report.

Jul 8, 20266 min read
Best Practices

Ethical hacking techniques, mapped to a responsible disclosure workflow

Recon, enumeration, exploitation, and privilege escalation aren't just attacker steps — Log4Shell's 15-day gap between private report and public exploit shows why each maps to a disclosure decision.

Jul 8, 20266 min read
Supply Chain Security

How to Scan Large GitHub Orgs for Exposed Secrets Responsibly

28.65 million new secrets landed on public GitHub in 2025 alone. Here's a research methodology for finding them at scale without becoming the next incident.

Jul 8, 20267 min read
Application Security

A practical guide to bug bounty hunting

HackerOne alone has paid hackers over $300M since 2012, but most new researchers earn nothing — duplicates, not skill gaps, are the top reason first reports fail.

Jul 7, 20267 min read
Best Practices

What is Responsible Disclosure

What responsible disclosure means, how 45-90 day timelines work in practice, and how coordinated CVE reporting like Log4Shell actually played out.

Feb 14, 20266 min read
Best Practices

What is a Vulnerability Disclosure Program

What a vulnerability disclosure program actually is, how it differs from a bug bounty, and what CISA, ISO, and the EU CRA now require of it.

Feb 6, 20267 min read
Vulnerability Management

Coordinated Vulnerability Disclosure: A Complete Guide

Coordinated disclosure protects users while giving vendors time to fix. Here is how to run a disclosure process that works for all parties, whether you are the reporter or the vendor.

Apr 28, 20247 min read
Guides

How to Write a Vulnerability Disclosure Policy Developers Respect

Most VDPs are lawyer documents nobody reads. Here is how to write one with real safe harbor, honest SLAs, and an intake path researchers will actually use.

Apr 22, 20247 min read
Organizational Security

Vulnerability Disclosure Policy Template

A practical template for creating a vulnerability disclosure policy, with guidance on safe harbor provisions, response timelines, and researcher relationships.

Dec 20, 20237 min read
Open Source Security

Responsible Disclosure in Open Source: The Messy Reality

Responsible disclosure sounds simple in theory. In practice, coordinating vulnerability disclosure across open source projects with no budgets, no SLAs, and no obligation to respond is an exercise in patience and diplomacy.

Dec 22, 20227 min read
Offensive Security

Bug Bounty Programs with a Supply Chain Focus

Traditional bug bounty programs miss supply chain vulnerabilities. Here's how to design a bounty program that incentivizes researchers to hunt in your dependency chain.

Jul 18, 20227 min read
Application Security

Vulnerability Disclosure Programs: Building Trust with Security Researchers

A well-designed vulnerability disclosure program turns external researchers into force multipliers for your security team. A poorly-designed one guarantees your vulnerabilities end up on Twitter instead of your inbox.

Mar 22, 20225 min read
Responsible Disclosure — Safeguard Blog