disclose.io 

367 Followers
652 Following
34 Posts
Free open-source tools to standardize, normalize, and promote the adoption of vulnerability reporting and disclosure. #internetimmunesystem #hacktheplanet
Github: https://github.com/disclose
Get started: https://linktr.ee/disclose
VDP Policy Generator: https://policymaker.disclose.io/
Disclosure Assistance: https://community.disclose.io/c/hacker-connect/5
Researcher Threats DB: https://threats.disclose.io
New: "Sticking their heads out above the parapets" — the first qualitative study of researchers' lived experiences of legal risk, by Sunoo Park & Daniel R. Thomas (USENIX Security 2026). 36 researchers, 130 incidents, three decades. The CFAA and UK Computer Misuse Act chill good-faith research; it names disclose.io as part of the fix. Read it + catch the talk:
https://blog.disclose.io/above-the-parapets-the-chilling-effect-finally-has-receipts/
#infosec #CFAA #vulndisclosure
Above the Parapets: The Chilling Effect Finally Has Receipts

The first qualitative study of researchers' lived experiences of legal risk: Sunoo Park and Daniel R. Thomas (USENIX Security 2026) on how overbroad anti-hacking law chills good-faith security research — and why it names disclose.io as part of the fix.

Running With Scissors - The Disclose.io Blog

Peter G. Neumann, 1932-2026.

Forty-one years moderating the ACM #RISKS Forum. Five decades arguing that secure systems need hardware foundations and formal methods. The conscience of computer security.

This week's Policy Pulse leads with his tribute, alongside CISA's new public KEV nomination form and the Leverett / van der Ham-de Vos paper on unbounded vulnerability counts.

https://blog.disclose.io/policy-pulse-issue-16-week-of-may-23-2026/

Policy Pulse - Issue #16 | Week of May 23, 2026

Peter G. Neumann, who moderated the ACM RISKS Forum for 41 years and helped found the discipline of secure-systems research, died May 17 at 93. CISA opens a public KEV nomination form. Cloudflare publishes its Project Glasswing post-mortem.

Running With Scissors - The Disclose.io Blog
Bose open-sources its SoundTouch home theater smart speakers ahead of end-of-life https://arstechnica.com/gadgets/2026/01/bose-open-sources-its-soundtouch-home-theater-smart-speakers-ahead-of-eol/
Bose open-sources its SoundTouch home theater smart speakers ahead of end-of-life

If companies insist on bricking gadgets, this is a better way to do it.

Ars Technica
Platforms.disclose.io just added 25 NEW bug bounty and VDP platforms! - @disclose_io Community Forum https://community.disclose.io/t/platforms-disclose-io-just-added-25-new-bug-bounty-and-vdp-platforms/934

Hey! We just updated https://platforms.disclose.io with 25+ new bug bounty & VDP platforms! 🎯

Notable additions:
• Web3: @Cantinaxyz @CodeHawks @CertiK @xyz_remedy
• Russia: @standoff365 @bizone
• Asia: @IssueHunt (Japan), @patchday_io (Korea), Butian (China)

The ecosystem keeps growing. Check out the full list: https://platforms.disclose.io

#BugBounty #VDP #Cybersecurity

Open-Sourced Collection of Bug Bounty Platforms

Open-Sourced Collection of Bug Bounty Platforms. Part of The @disclose_io Project.

Bug Bounty Platforms
Need Help – Company Shut Down Bug Bounty Program After Fixing My 10 Reported Bugs Without Reward - Hacker Connect - @disclose_io Community Forum https://community.disclose.io/t/need-help-company-shut-down-bug-bounty-program-after-fixing-my-10-reported-bugs-without-reward/907
Need Help – Company Shut Down Bug Bounty Program After Fixing My 10 Reported Bugs Without Reward

I reported 10 valid bugs including SQL Injection and account takeover to a company running a public bug bounty program. Initially, they acknowledged the reports and later fixed all the issues. But instead of rewarding or crediting me, they gave excuses and rejected them. Shortly after, they shut down their bug bounty program entirely. There’s no official body to protect bug hunters in such cases. If there is someone who can help me with this situation, please reply.

@disclose_io Community Forum
Possibly uncovering a domain spoofing scheme targeting major real estate brands — looking for guidance - Hacker Connect - @disclose_io Community Forum https://community.disclose.io/t/possibly-uncovering-a-domain-spoofing-scheme-targeting-major-real-estate-brands-looking-for-guidance/924
Possibly uncovering a domain spoofing scheme targeting major real estate brands — looking for guidance

Hi all, I’ve come across what might be a coordinated domain spoofing or redirect scheme affecting multiple large companies in the real estate and homebuilding industry — including portals, brokerages, and mortgage players. This started when I noticed strange traffic behavior involving my own business, which led me to uncover several domains mimicking major industry brands or just lots of spoofed domains sitting on the same exact IP clusters. Many redirect to real corporate login pages or appea...

@disclose_io Community Forum

Risky Bulletin: Russian bill would require researchers to report bugs to the FSB 👀

https://risky.biz/risky-bulletin-russian-bill-would-require-researchers-to-report-bugs-to-the-fsb/

Ugh… It’s 2025 and vendors still don’t understand the Streisand effect.

cc: @disclose_io (https://threats.disclose.io)

YouTuber with nearly 4M subscribers sued by lock company after he breaks into lock with just a can https://www.uniladtech.com/social-media/youtube/youtuber-trevor-mcnally-sued-lock-company-using-can-920271-20251028

Research Threats: Legal Threats Against Security Researchers

Collection of legal threats against good faith Security Researchers; vulnerability disclosure gone wrong. A continuation of work started by @attritionorg. Part of The @disclose_io Project.

Security Research Threats