Sign in Subscribe

Disclose.io

Policy Pulse - Issue #3 | Week of February 15, 2026

Policy Pulse - Issue #3 | Week of February 15, 2026

Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research. This week: CISA BOD 26-02 targets unsupported edge devices, MITRE CVE contract hits 30-day countdown, and UK CMA statutory defence takes shape.

Modes of Public Vulnerability Disclosure: A 2026 Update

Modes of Public Vulnerability Disclosure: A 2026 Update

Understanding the taxonomy of vulnerability disclosure—from private to full to coordinated—and why the industry has converged on 90 days as the rational baseline. Updated for 2026 with the latest from disclose.io Policymaker.

Policy Pulse - Issue #2 | Week of February 8, 2026

Policy Pulse - Issue #2 | Week of February 8, 2026

Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research.

A brief history of vulnerability disclosure and bug bounty

A brief history of vulnerability disclosure and bug bounty

Explore the evolution of vulnerability disclosure from the early days of full disclosure debates through the emergence of bug bounty programs. A comprehensive three-part series by Dennis Fisher covering the history that shaped modern security research.

VIDEO: An intro to disclose.io and hacker safety

VIDEO: An intro to disclose.io and hacker safety

Watch this introductory video explaining what disclose.io does, why hacker safety matters, and how organizations can implement vulnerability disclosure programs that protect both researchers and their systems.

dnssecuritytxt

dnssecuritytxt

DNS-based discovery of security.txt files using the _securitytxt TXT record. Learn how dnssecuritytxt enables organizations to publish vulnerability disclosure contact information through DNS, complementing the traditional .well-known/security.txt approach.