Federal Retirement Thrift Investment Board : Vulnerability Disclosure Program

  • Safe harbor
  • Solo-Only

We no longer offer point rewards for submissions on this program. Please refer to our blog post: How Bugcrowd sees VDPs and points for more details.

Program stats

  • Vulnerabilities accepted 2
  • Validation within 13 minutes 75% of submissions are accepted or rejected within 13 minutes

Latest hall of famers

Recently joined this program

22 total

The Federal Retirement Thrift Investment Board (FRTIB) is committed to ensuring the security of FRTIB information and to preventing unauthorized access, modification, use, or disclosure. FRTIB recognizes that a vulnerability disclosure policy is an important element of an effective vulnerability management program and critical to the security of internet-accessible information systems. FRTIB is publishing a vulnerability disclosure policy in order to encourage meaningful collaboration between the FRTIB and the public and to enable the FRTIB to remediate vulnerabilities before they can be exploited by an adversary.

The purpose of this policy is to establish the FRTIB Vulnerability Disclosure Policy, to define authorized and prohibited research and activities, to define how vulnerabilities are reported and communicated to the Agency, and the requirements for disclosing vulnerability information to public on behalf of the Agency as a ‘Reporter’.

Scope

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.