![\"\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2019\/07\/11152916\/kaspersky-blog-default-featured.jpg\")
<\/a>\nSo, yes, in general, choosing a product or company is about trust. One mistake is enough to ruin the trust, but building it is significantly harder. It\u2019s like a tower consisting of thousands of bricks \u2014 removing one brick may be enough for the tower to collapse, but to build the tower, you need to carefully lay one brick next to another several thousand times. That\u2019s hard and time-consuming.<\/p>\n
A safe harbor for researchers<\/h2>\n
We at Kaspersky want you, our customers and potential customers, to trust us, so we are building that tower, brick by brick, and maintaining it. We\u2019ve already launched our Global Transparency Initiative<\/a>. We hope that shows how transparent our business is. And we\u2019ve increased our bug bounties<\/a>. Now we are pleased to announce that we have joined Bugcrowd\u2019s Disclose.io<\/a> project to guarantee that we also won\u2019t be legally assaulting those who look to research our products and find vulnerabilities in there.<\/p>\n Bugcrowd launched Disclose.io in partnership with renowned security researcher Amit Elazari in August 2018 to provide a clear legal framework to protect organizations and researchers engaged in bug bounty and vulnerability disclosure programs. <\/em>Basically, what Disclose.io offers is a set of agreements between researchers and businesses. All companies who have joined Disclose.io agree to follow these agreements, and so do all of the researchers. These agreements are very simple. They\u2019re easy to read and understand \u2014 forget about the hundreds of subsections and small fonts here and there that can make legal agreements nearly impossible to process. You can find the core terms on GitHub<\/a>, and that adds to their transparency; documents on GitHub cannot be modified without the entire community seeing this fact.<\/p>\n These agreements encourage businesses not to punish researchers for their research, but to work with them to understand the vulnerability and fix it, and to recognize their contribution to the security of the product. On the other hand, these agreements require researchers to be responsible with the vulnerabilities they find \u2014 not to make information public before the issue is fixed, not to abuse the data they access, not to extort money from the vendors, and so on and so forth.<\/p>\n