National Indian Gaming Commission

The National Indian Gaming Commission is an independent federal regulatory agency within the Department of the Interior and is committed to the prompt and efficient regulation of the Indian gaming industry.

  • Safe harbor
Submit report

We no longer offer point rewards for submissions on this program. Please refer to our blog post: How Bugcrowd sees VDPs and points for more details.

Program stats

  • Vulnerabilities accepted 6
  • Validation within 3 days 75% of submissions are accepted or rejected within 3 days

Latest hall of famers

View all 46

Recently joined this program

85 total

Introduction

The National Indian Gaming Commission (NIGC) is committed to ensuring the security of the American public and Indian tribes by protecting their information. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us.

This policy describes what systems and types of research are covered under this policy, how to send us vulnerability reports, and how long we ask security researchers to wait before publicly disclosing vulnerabilities.

Disclosing vulnerabilities is consistent with the NIGC’s cybersecurity culture of accountability, consistency, and trustworthiness. We are very receptive to good faith efforts from security researchers sharing reports of potential vulnerabilities in our systems so we can prioritize remediation and keep our commitment to a secure IT environment at NIGC.

Authorization

If you make a good faith effort to comply with this policy during your security research, NIGC will consider your research to be authorized, work with you to understand and resolve the issue quickly and will not recommend or pursue legal action related to your research. Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, NIGC will make this authorization known.

Scope

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.

Learn more about Bugcrowd’s VRT.