Why do I need to add a disclaimer to my software?

To be listed in our VDP platform, a disclaimer is required in your readme.txt or security.md file of your software. This disclaimer:

Shows that you as a plugin owner or company take security seriously
Gives researchers a way to post their vulnerability findings to Patchstack directly and in correct format
Gives a level of certainty to researchers that the data will be sent to correct place

Get a disclaimer and publish it

To get a disclaimer text:

Visit Programs page in mVDP platform
Click on the disclaimer icon, and copy the text from that dialogue
Add this text to your readme.txt or security.md file of your software

Example disclaimer

This is an example disclaimer, do not paste it to your software, as it includes an example link. You should copy the disclaimer straight from the mVDP platform as shown above.

= How can I report security bugs? =

You can report security bugs through the Patchstack Vulnerability Disclosure
Program. The Patchstack team help validate, triage and handle any security
vulnerabilities.
[Report a security vulnerability.](https://patchstack.com/database/vdp/your-software-slug)