Department of Homeland Security: Vulnerability Disclosure Program

DHS has a unique information and communications technology footprint that is tightly interwoven and globally deployed. Many DHS technologies are deployed in critical infrastructure systems and, to varying degrees, support ongoing homeland security operations; the proper functioning of DHS systems and applications can have a life-or-death impact on DHS personnel and international allies and partners of the United States.

Our information systems provide critical services in support of the widespread, critical missions of DHS. Maintaining the security of our networks is a high priority at DHS. Ultimately, our network security ensures that we can accomplish our missions and contribute to the success of the individuals who contribute to the mission success.

DHS recognizes that security researchers regularly contribute to the work of securing organizations and the Internet as a whole. Therefore, DHS invites reports of any vulnerabilities discovered on internet-accessible DHS information systems, applications, and websites [1]. Information submitted to DHS under this policy will be used for defensive purposes – to mitigate or remediate vulnerabilities in our networks. This program upholds the DHS motto “See Something – Say Something” in the virtual environment by positively engaging with and establishing a communication loop between researchers and DHS.

Hereinafter, researcher [2] may be referred to as “you” or “your” and DHS may be interchangeably used in conjunction with or alternatively referenced as “we”, “our”, or “us”.