Federal Deposit Insurance Corporation - Vulnerability Disclosure Program

The Federal Deposit Insurance Corporation (FDIC) is an independent agency created to maintain stability and public confidence in the nation’s financial system.

  • Safe harbor
Submit report

We no longer offer point rewards for submissions on this program. Please refer to our blog post: How Bugcrowd sees VDPs and points for more details.

Program stats

  • Vulnerabilities accepted 10
  • Validation within about 1 hour 75% of submissions are accepted or rejected within about 1 hour

Latest hall of famers

View all 66

Recently joined this program

111 total

Vulnerability Disclosure Policy

The Federal Deposit Insurance Corporation (“FDIC”) is committed to maintaining the security of our systems and protecting sensitive information from unauthorized disclosure.

We encourage security researchers to report potential vulnerabilities identified in FDIC systems. For reports submitted in compliance with this policy, the FDIC will endeavor to acknowledge receipt within three business days, to promptly validate submissions, implement corrective actions if appropriate, and inform researchers of the disposition of reported vulnerabilities.

If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized, we will work with you to understand and resolve the issue quickly, and we will not recommend or pursue legal action related to your research.

Scope

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.

Learn more about Bugcrowd’s VRT.