Good Practice / Ethical Standards for Researchers
The GFCRC supports the following living definition of a good-faith researcher, put together by our board member Tarah Wheeler and distinguished information security researchers. We stand by the enclosed codes of conduct for researchers and best practices for vulnerability owners in response.
This definition is designed so that anyone is welcome to contribute to it in a positive and transparent way through pull requests on GitHub.
Policy Guidance
The Organization for Economic Cooperation and Development (OECD) Working Party on Security and Privacy in the Digital Economy (SPDE) has issued numerous guidance papers for policymakers, including
Guidance for Vendors / Consumers
Cybersecurity Centre Belgium (CCB)'s pointers on coordinated vulnerability disclosure (CVD) – including examples
HackerOne's Gold Standard Safe Harbor initiative – code of practices for companies to help protect good-faith researchers