U.S. Fish and Wildlife Service

We no longer offer point rewards for submissions on this program. Please refer to our blog post: How Bugcrowd sees VDPs and points for more details.

Program stats

  • Vulnerabilities accepted 39
  • Validation within 21 days 75% of submissions are accepted or rejected within 21 days

Latest hall of famers

Recently joined this program

59 total

Introduction

In the U.S. Fish and Wildlife Service, we are committed to ensuring the security of the American public by protecting their information. As part of this, we recognize that public contributions can greatly enhance our ability to remediate security vulnerabilities before they can be exploited by an adversary. We encourage security researchers to report potential vulnerabilities in our systems so that we can address any associated security issues.

In accordance with Department of Homeland Security Binding Operational Directive 20-01, we are issuing this Vulnerability Disclosure Policy to provide potential security researchers from the public with clear guidelines for conducting these vulnerability discovery activities. Our policy is drawn from the Department of the Interior (DOI) Vulnerability Disclosure Policy. It addresses what Service systems are within the scope of vulnerability reporting and provides instructions for submitting discovered vulnerabilities.

So long as you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized. Our Cyber Security personnel will work with you to understand and resolve the issue quickly and the Service will not recommend or pursue legal action related to your research. Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.

Scope

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.