RFC: dioterms open-source VDP policy

disclose.io originated as an open-source policy standardization project, intended to give organizations a "shovel-ready" VDP boilerplate to use or expand from - especially for explicit authorization and "safe harbor" language.

Twice a year, we review the dioterms Core Terms. Through 2020 we've paid attention to the evolution of standard VDP and BBP policy language.

An update to the core terms, from which the policies are adapted, is currently in the GitHub repo: https://github.com/disclose/dioterms/pull/5. Merge is planned for 30 Jan 2021.

As always, the goal of the language is to balance:

  • Legal completeness to maximize bilateral safety
  • Clarity of expectations
  • Readability for non-lawyers and ESL participants

The PR contains several important and exciting updates:

  • VDP and BBP terms separated to reduce ambiguity
  • We have split the Terms into modules to make language and legal translation more straightforward and to support creating a web front-end policy generation tool.
  • Safe harbor language modified to reflect commonly-used language seen in 2H20
  • Some semantic and language tweaks in the README and elsewhere
  • Introduction of Disclose.io Status - The Disclose.io Maturity Model for VDP/BBP policies.

The strength of this language relies on its robustness as an open-source project.

The ask is for as many of you on this list as possible to take a little time over the next week to put comments into the changes, ask questions, propose changes, or give it a thumbs up - Thanks a bunch to everyone who has already!

The plan is to merge the PR on Jan 30, with changes considered and integrated if appropriate. Fred Jennings and Harley Geiger have graciously offered their legal perspective, and I and others are giving input from the operational side.

If you aren't native to GitHub, get yourself an account and try leaving a comment - GitHub looks a lot more daunting than it is for the social and communication features, and I can assure you that it's not just for nerds :)

If GitHub is proving too tricky, that’s OK - You can comment in the Disclose.io Community Forum and we’ll work to include your comments and suggestions in the repo if appropriate.

Thanks for being a part of Disclose.io’s efforts to make the Internet a safer place!