National Indian Gaming Commission
Introduction
The National Indian Gaming Commission (NIGC) is committed to ensuring the security of the American public and Indian tribes by protecting their information. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us.
This policy describes what systems and types of research are covered under this policy, how to send us vulnerability reports, and how long we ask security researchers to wait before publicly disclosing vulnerabilities.
Disclosing vulnerabilities is consistent with the NIGC’s cybersecurity culture of accountability, consistency, and trustworthiness. We are very receptive to good faith efforts from security researchers sharing reports of potential vulnerabilities in our systems so we can prioritize remediation and keep our commitment to a secure IT environment at NIGC.
Authorization
If you make a good faith effort to comply with this policy during your security research, NIGC will consider your research to be authorized, work with you to understand and resolve the issue quickly and will not recommend or pursue legal action related to your research. Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, NIGC will make this authorization known.
Scope
Program rules
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.