Frequently Asked Questions
All emails sent by ZeroDisclo.com come from zerodisclo [@] yeswehack.com and are signed with our dedicated PGP key.
Make sure you have white-listed that address so you do not miss out on notifications.
- I WANT TO DISCLOSE A VULNERABILITY –
ZeroDisclo.com is a secure and confidential communication channel between you and a CERT. ZeroDisclo.com does not judge a report’s relevance. In any event, reporting the security weakness you have observed to a CERT is always much better than boasting about it on your favourite social media.
Before filling in the report form, make sure to check FireBounty and ensure the possibly affected service does not have a dedicated vulnerability disclosure programme (VDP). FireBounty lists such programmes in real time, so you can see it as your mandatory first stop towards making the Internet safer. If the service has a dedicated VDP, it is more straightforward to take that road instead of submitting through ZeroDisclo.com.
And if you’d like to check even more easily whether a service has a VDP, make sure you install VDPFinder! It is a free web browser plugin we have developed to enable organisations to showcase their VDPs and ethical hackers to peruse them more readily. Head to our blog if you want to know more.
Only the bare minimum logs are stored. Those are: transient web server logs and unhandled exceptions. Regarding the vulnerability submission metadata, the submission form indicates which details only you and the receiving CERT have access to: that information is encrypted in your browser with the CERT’s PGP key.
Check out the explainer to refresh your understanding of how ZeroDisclo.com works.
Also, we have a generic Matomo tracker on the website operating in Do Not Track mode. We do not store the website user’s IP address either. All in all, we have no means of identifying you.