Dell Technologies Web Properties Vulnerability Disclosure Program

Dell Technologies ("Dell") recognizes the value of the security community to create a more secure world and welcomes the opportunity to collaborate with community members who share this common goal.

This coordinated vulnerability disclosure program (VDP) is limited to security vulnerabilities identified within Dell's public online footprint. Please carefully review the inclusions and exclusions detailed in the sections below.

Note: Dell products are excluded from this program. All vulnerabilities affecting Dell and Dell EMC products should be reported to the Dell Product Security Incident Response Team (Dell PSIRT). The Dell Vulnerability Response Policy provides information on how to report product focused vulnerabilities.

As of September 1, 2020, RSA is no longer a part of Dell Technologies. To report a vulnerability on RSA products or applications, please refer to the RSA Policy. For any additional questions on existing RSA knowledge base articles or advisories, please contact RSA Community.

---

Rewards/Ratings:

This program awards points for valid in-scope submissions. This program does not provide monetary rewards.

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher. Please see below for any exceptions from the standard VRT.

For submissions regarding GitHub Credentials, all findings will be initially rated as a P5. Once the finding has been determined to have a real impact, it will be upgraded accordingly. Remember, it is beneficial to include the sensitive information in your finding along with the link to help speed up the validation process.