At the U.S. Fish and Wildlife Service, we are committed to ensuring the security of the American public by protecting their information. As part of this commitment, we recognize that public contributions can greatly enhance our ability to remediate security vulnerabilities before they can be exploited by an adversary. We encourage security researchers to report potential vulnerabilities in our systems so that we can address any associated security issues.
In accordance with Department of Homeland Security Binding Operational Directive 20-01, we are issuing this Vulnerability Disclosure Policy to provide potential security researchers from the public with clear guidelines for conducting these vulnerability discovery activities. Our policy is drawn from the Department of the Interior (DOI) Vulnerability Disclosure Policy. It addresses what Service systems are within the scope of vulnerability reporting and provides instructions for submitting discovered vulnerabilities.
So long as you make a good-faith effort to comply with this policy during your security research, we will consider your research to be authorized. Our Cyber Security personnel will work with you to understand and resolve the issue quickly, and the Service will not recommend or pursue legal action related to your research. Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email firstname.lastname@example.org. We will address your issue as soon as possible.