Safe Harbor Initiative
Our very own Semprix is working with the Philippine hacking community and the Department of Information and Communications Technology (DICT)
on the development of the country’s first comprehensive Safe Harbor and Responsible Disclosure Policy Guidelines.
This landmark collaboration aims to formalize the relationship between ethical hackers, private organizations, and the government — promoting a safer,
more transparent, and more collaborative cybersecurity ecosystem across the Philippines.
For years, local security researchers have operated in a gray area —
eager to report vulnerabilities that could compromise systems, but often held back by the fear of legal repercussions or misunderstanding.
The proposed Safe Harbor framework seeks to address this long-standing gap by providing legal protection and clear boundaries for researchers acting in good faith.
Under the forthcoming policy, those who responsibly disclose vulnerabilities following defined procedures will be shielded from prosecution, provided their actions align with ethical and non-destructive intent.
At the same time, the Responsible Disclosure component of the policy will guide organizations — both in the public and private sectors —
on how to receive, evaluate, and respond to vulnerability reports. It will establish best practices for communication, validation, and remediation,
ensuring that vulnerabilities are addressed promptly while maintaining trust and confidentiality between researchers and system owners.
This dual framework aims to foster a culture of accountability, openness, and mutual respect between the security community and the institutions they help protect.
This initiative also underscores the growing recognition of ethical hackers as key partners in national cybersecurity resilience.
By collaborating with DICT, Semprix and the hacking community are paving the way for structured engagement between independent researchers and government agencies —
echoing global models such as the U.S. Department of Justice’s vulnerability disclosure guidelines and the EU’s coordinated disclosure frameworks.
Once finalized, the Safe Harbor and Responsible Disclosure Guidelines will serve as a cornerstone for the Philippines’ cybersecurity maturity roadmap, encouraging more organizations to adopt responsible vulnerability disclosure programs and recognize the vital role of ethical hackers. Through this effort, the hacking community and DICT are not only strengthening defenses but also redefining the narrative — that hackers, when guided and protected by the right policies, can be powerful allies in securing the nation’s digital future.
Timeline
- Engagement
DICT Secretary Henry Aguda engaged the hacking community at ROOTCON 19, outlining the government’s Safe Harbor and Bug Bounty initiatives designed to promote responsible disclosure and public-private collaboration in cybersecurity. A press conference was also conducted to elaborate on the initiatives and their impact on national cyber defense strategies.
- Initial Draft
The initial draft of the Safe Harbor document has been published via GitHub by the hacking community,
marking a significant step toward establishing a unified framework for responsible disclosure and collaboration between ethical hackers,
private organizations, and the government.
DICT Publication:
GitHub: https://github.com/ROOTCONLabs/safe-harbor