Welcome to the U.S. Department of Commerce Responsible Disclosure Page
Powered by Synack
Get Started

Responsible Disclosure Policy

ResponsibleDisclosure.com (operated by an independent third party, Synack, on behalf of the Department of Commerce).

This page is for security researchers interested in reporting application security vulnerabilities. This is intended for application security vulnerabilities only.

The details within your request form will be submitted to Synack. If you have reported an issue determined to be within program scope and to be a valid security issue, Synack will validate your finding and you will be allowed to disclose the vulnerability after a fix has been issued. This process is managed exclusively by Synack through their platform, accordingly you must accept the Synack terms of service if you wish to proceed. All queries are to be directed to Synack and managed exclusively through the ResponsibleDisclosure.com online portal.

For a full overview and listing of the DOC VDP program scope, please visit the DOC Vulnerability Disclosure Policy | U.S. Department of Commerce page. For inquiries on scope or the Department of Commerce’s Vulnerability Disclosure Policy, please contact DOC@responsibledisclosure.com .

Responsible Disclosure Guidelines

Researchers must follow the testing guidelines outlined in the DOC VDP, as well as the guidelines below (excerpted from the Synack ROE page and not covered by the DOC VDP):