Equal Employment Opportunity Commission: Vulnerability Disclosure Program

  • Safe harbor
  • No collaboration

We no longer offer point rewards for submissions on this program. Please refer to our blog post: How Bugcrowd sees VDPs and points for more details.

Program stats

  • Vulnerabilities accepted 2
  • Validation within about 1 hour 75% of submissions are accepted or rejected within about 1 hour

Latest hall of famers

Recently joined this program

This policy provides a standard Equal Employment Opportunity Commission (EEOC), Office of the Information Technology (OIT) in support of the Commission’s commitment to protecting unwarranted disclosure of information. This policy describes which EEOC information systems (IS) are within the scope and defines accepted cybersecurity (CS) research that is covered under this policy, including how to send EEOC vulnerability reports, and how long we ask security researchers to delay publicly disclosing vulnerabilities. EEOC expects that the VDP will provide an independent assessment of the domain’s security and defense measures by potentially identifying vulnerabilities not found by existing penetration-team and automated efforts, non-compliance with cybersecurity guidance as well as training deficiencies. This policy is presented to ensure acceptance and acknowledgment of the existence of potential vulnerabilities, their assessment for security research purposes as well as the process in which they are to be provided to the Commission.


Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.