Report vulnerabilities.
Get rewarded. Stay safe.
boring.tools provides a managed disclosure portal where security researchers can responsibly report vulnerabilities and organizations can track, triage, and resolve them efficiently.
Everything you need for responsible disclosure
Managed Disclosure
Organizations define scope, out-of-scope, safe harbor, and acknowledgments. Researchers get clear guardrails for responsible testing.
Real-Time Tracking
Each report receives a unique tracking token. Researchers check status anytime; organizations manage everything from a central dashboard.
Researcher-Focused
PGP-encrypted communication, clear disclosure terms, and safe harbor protection ensure researchers can act with confidence.
Three simple steps
Find a Vulnerability
Review the organization's policy and scope, then test responsibly within the defined boundaries.
Submit a Report
Use the secure form to submit your findings. All reports are encrypted and timestamped.
Track & Resolve
Use your tracking token to monitor progress. The organization triages, validates, and resolves the report.
Ready to get started?
Whether you're a security researcher or an organization looking to set up a disclosure program — we're here to help.
Learn More