DISCLOSURE

The platform enables security researchers to submit vulnerability reports directly to vendors without an intermediary service. Reports are encrypted in the researcher’s browser, so only the intended vendor can decrypt the content, and even server administrators cannot read the details. It operates as a self‑hosted application that can be deployed on any infrastructure owned by a vendor, giving full control over data and policies.

Instances can discover and exchange reports with one another through ActivityPub federation, allowing researchers and vendors to find each other across separate deployments. The system imposes no fees or gatekeeping, and all code is released under a permissive open‑source license, permitting auditing, forking, and contribution.

The software is currently in an experimental alpha stage; it is functional but not yet ready for production use. Ongoing development invites feedback and community involvement to mature the platform.