Federal Retirement Thrift Investment Board : Vulnerability Disclosure Program

  • Safe harbor
  • No collaboration

We no longer offer point rewards for submissions on this program. Please refer to our blog post: How Bugcrowd sees VDPs and points for more details.

Program stats

  • Vulnerabilities accepted 3
  • Validation within about 8 hours 75% of submissions are accepted or rejected within about 8 hours

Latest hall of famers

Recently joined this program

43 total

The Federal Retirement Thrift Investment Board (FRTIB) is committed to ensuring the security of FRTIB information and to preventing unauthorized access, modification, use, or disclosure. FRTIB recognizes that a vulnerability disclosure policy is an important element of an effective vulnerability management program and critical to the security of internet-accessible information systems. FRTIB is publishing a vulnerability disclosure policy in order to encourage meaningful collaboration between the FRTIB and the public and to enable the FRTIB to remediate vulnerabilities before they can be exploited by an adversary.

The purpose of this policy is to establish the FRTIB Vulnerability Disclosure Policy, to define authorized and prohibited research and activities, to define how vulnerabilities are reported and communicated to the Agency, and the requirements for disclosing vulnerability information to public on behalf of the Agency as a ‘Reporter’.


Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.