Company
Date Published
Author
Bugcrowd
Word count: 586
Language: English
Hacker News points: None

Summary

The bug bounty economy is a rapidly growing field where companies engage with security researchers to identify vulnerabilities, but it poses legal risks for white hat hackers. The current lack of clear laws and regulations creates ambiguity, leading to chilling effects on the security researcher community. To address this issue, standardizing safe harbors and protocols for "good faith" security testing is crucial, requiring collaboration among companies, platforms, and security researchers. A new project called Disclose.io aims to provide a framework that expands on existing work to protect security researchers while establishing clear language for bug bounty programs, which has already been adopted by 19 companies. The success of this effort relies on the participation and collaboration of all stakeholders involved.