Company:
Date Published:
Author: Jason Haddix
Word count: 355
Language: English
Hacker News points: None

Summary

Developing policy that protects hackers who participate in Vulnerability Disclosure Programs and bug bounties is crucial for Bugcrowd. Anti-hacking laws such as the Computer Fraud and Abuse Act treat unauthorized access as malicious by default and make no allowance for bounty hunters and other good-faith hackers. To bridge this legislative gap, a movement led by Casey Ellis and Amit Elazari produced Disclose.io, a set of legal "band-aids": standardized guidelines for responsible security testing, safe harbor provisions, and terms and conditions that protect hackers' rights. Bugcrowd is now incorporating Disclose.io language into its program briefs, giving customers the tools to write Safe Harbor policies under which researchers can conduct good-faith security research without fear of legal repercussions. The goal is to mature these safe harbor policies further, ultimately establishing a living, breathing standard for Safe Harbor comparable to Bugcrowd's Vulnerability Rating Taxonomy.