Department Of Commerce Responsible Disclosure powered by Synack
<!DOCTYPE html> <html dir="ltr" lang="en-US"> <head> <meta charset="utf-8"/> <!-- v23543 --> <title>Department Of Commerce Responsible Disclosure powered by Synack</title> <meta name="csrf-param" content="authenticity_token"> <meta name="csrf-token" content=""> <link rel="canonical" href="https://web.archive.org/web/20230921191124/https://doc.responsibledisclosure.com/hc/en-us"> <link rel="alternate" hreflang="en" href="https://web.archive.org/web/20230921191124/https://doc.responsibledisclosure.com/hc/en-us"> <link rel="stylesheet" href="//web.archive.org/web/20230921191124cs_/https://static.zdassets.com/hc/assets/application-5dedcabe00a896eb2c214ed2973f0975.css" media="all" id="stylesheet"/> <!-- Entypo pictograms by Daniel Bruce — www.entypo.com --> <link rel="stylesheet" href="//web.archive.org/web/20230921191124cs_/https://static.zdassets.com/hc/assets/theming_v1_support-e05586b61178dcde2a13a3d323525a18.css" media="all"/> <link rel="stylesheet" type="text/css" href="//web.archive.org/web/20230921191124cs_/https://p19.zdassets.com/hc/theming_assets/1763264/9933025271187/style.css?digest=13195598656787"> <link rel="icon" 
type="image/x-icon" href="//web.archive.org/web/20230921191124im_/https://theme.zdassets.com/theme_assets/1763264/5bcf73e037ed238626496ab3a06348ec0793c519.png"/> <script src="//web.archive.org/web/20230921191124js_/https://static.zdassets.com/hc/assets/jquery-09d07e20ce042ef10e301661ad1f316c.js"></script> <meta content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" name="viewport"/> <script type="text/javascript" src="//web.archive.org/web/20230921191124js_/https://p19.zdassets.com/hc/theming_assets/1763264/9933025271187/script.js?digest=13195598656787"></script> </head> <body class=""> <header class="header"> <div class="logo"> <a title="Home" href="/web/20230921191124/https://doc.responsibledisclosure.com/hc/en-us"> <img src="//web.archive.org/web/20230921191124im_/https://theme.zdassets.com/theme_assets/1763264/65d0ce9bb72f761a6c8008ea60d1dd5789b92b8c.svg" alt=""> </a> </div> <div class="nav-wrapper"> <span class="icon-menu"></span> <nav class="user-nav" id="user-nav"> <!-- <a href="/hc/en-us/requests">My activities</a> <a class="submit-a-request" href="/hc/en-us/requests/new">Submit a request</a> --> <a href="https://web.archive.org/web/20230921191124/https://doc.responsibledisclosure.com/hc/en-us/articles/10801394414227">Acknowledgments</a> </nav> <a class="login" data-auth-action="signin" role="button" rel="nofollow" title="Opens a dialog" href="/web/20230921191124/https://doc.responsibledisclosure.com/hc/en-us/signin?return_to=https%3A%2F%2Fdoc.responsibledisclosure.com%2Fhc%2Fen-us&locale=en-us">Sign in</a> </div> </header> <main role="main"> <!-- BUTTON ON THE MIDDLE OF THE PAGE FOR SUBMITTING REQUESTS--> <div class="home_page"> <div class="title_home">Welcome to the U.S. Department of Commerce Responsible Disclosure Page <br>Powered by Synack</div> <section class="submit_request"> <article class="text_home">By submitting a vulnerability to the U.S. 
Department of Commerce through ResponsibleDisclosure.com, you agree to the <a class="link_light" href="https://web.archive.org/web/20230921191124/https://doc.responsibledisclosure.com/hc/en-us/articles/10801491714323">Terms of Service.</a> <p>Please review the Department of Commerce <a class="link_light" href="https://web.archive.org/web/20230921191124/https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure Policy.</a></p> </article> <a class="btn-request" href="https://web.archive.org/web/20230921191124/https://doc.responsibledisclosure.com/hc/en-us/requests/new">Get Started</a> </section> <br> <br> </div> <br> <div class="home_title"> <h1>Responsible Disclosure Policy</h1> <span style="color:green;">ResponsibleDisclosure.com is operated by an independent third party, Synack, on behalf of the Department of Commerce. </span><br> <br> This page is for security researchers interested in reporting application security vulnerabilities. This is intended for application security vulnerabilities only. <p>The details within your request form will be submitted to Synack. If you have reported an issue determined to be within program scope and to be a valid security issue, Synack will validate your finding and you will be allowed to disclose the vulnerability after a fix has been issued. This process is managed exclusively by Synack through their platform; accordingly, you must accept the Synack terms of service if you wish to proceed. All queries are to be directed to Synack and managed exclusively through the ResponsibleDisclosure.com online portal.</p> <p>For a full overview and listing of the DOC VDP program scope, please visit the <a href="https://web.archive.org/web/20230921191124/https://www.commerce.gov/vulnerability-disclosure-policy">DOC Vulnerability Disclosure Policy | U.S. Department of Commerce page</a>. For inquiries on scope or the Department of Commerce’s Vulnerability Disclosure Policy, please contact DOC@responsibledisclosure.com.</p> 
<br> <h1>Responsible Disclosure Guidelines</h1> Researchers must follow the testing guidelines outlined in the DOC VDP, as well as the guidelines below (excerpted from the Synack rules of engagement (ROE) page and not covered by the DOC VDP):<br> <br> <ul class="c"> <li><span>Adhere to all legal terms and conditions outlined at ResponsibleDisclosure.com</span></li> <li><span>Work directly with ResponsibleDisclosure.com on vulnerability submissions</span></li> <li><span>Provide a detailed proof-of-concept description that shows how to reproduce each vulnerability</span></li> <li><span>Do not engage in disruptive testing such as denial of service (DoS) or any action that could impact the confidentiality, integrity or availability of information and systems</span></li> <li><span>Do not engage in social engineering or phishing of customers or employees</span></li> <li><span>Do not request compensation for time and materials or vulnerabilities discovered</span></li> <li><span>Do not upload any vulnerability or client-related content to third-party utilities (e.g. 
GitHub, Dropbox, YouTube)</span></li> <li><span>All attack payload data must use professional language</span></li> <li><span>When documenting a vulnerability, if the vulnerability is public, take measures to ensure it does not identify the Department of Commerce.</span></li> </ul> </div> <!-- END BUTTON--> <!-- <section class="section hero"> <div class="hero-inner"> <form role="search" class="search search-full" data-search="" data-instant="true" autocomplete="off" action="/hc/en-us/search" accept-charset="UTF-8" method="get"><input name="utf8" type="hidden" value="✓" autocomplete="off" /><input type="search" name="query" id="query" placeholder="Search" autocomplete="off" aria-label="Search" /></form> </div> </section> <div class="container"> <section class="section knowledge-base"> <section class="categories blocks"> <ul class="blocks-list"> <li class="blocks-item "> <a href='/hc/en-us/sections/10801431704467-Acknowledgments' class="blocks-item-link"> <h4 class="blocks-item-title"> Acknowledgments </h4> <p class="blocks-item-description"></p> </a> </li> <li class="blocks-item "> <a href='/hc/en-us/sections/9933098804755-RoE' class="blocks-item-link"> <h4 class="blocks-item-title"> RoE </h4> <p class="blocks-item-description"></p> </a> </li> <li class="blocks-item "> <a href='/hc/en-us/sections/9933098796819-ToS' class="blocks-item-link"> <h4 class="blocks-item-title"> ToS </h4> <p class="blocks-item-description"></p> </a> </li> </ul> </section> </section> <section class="section activity"> <div data-app="recent-activity" data-url="/hc/api/internal/recent_activities?locale=en-us"></div> </section> </div> --> </main> <footer class="footer"> <div class="footer-inner"> <a title="Home" href="/web/20230921191124/https://doc.responsibledisclosure.com/hc/en-us">Department Of Commerce Responsible Disclosure powered by Synack</a> <a href="https://web.archive.org/web/20230921191124/https://doc.responsibledisclosure.com/hc/en-us/articles/10801491714323">Terms of Service</a> 
<!-- <div class="footer-language-selector"> </div> --> </div> </footer> <!-- / --> <script src="//web.archive.org/web/20230921191124js_/https://static.zdassets.com/hc/assets/en-us.bf1ce5de86fa754a69fb.js"></script> <script src="https://web.archive.org/web/20230921191124js_/https://responsibledisclosure.zendesk.com/auth/v2/host/without_iframe.js" data-brand-id="9933025271187" data-return-to="https://doc.responsibledisclosure.com/hc/en-us" data-theme="hc" data-locale="en-us" data-auth-origin="9933025271187,true,true"></script> <script type="text/javascript"> /* Greetings sourcecode lurker! This is for internal Zendesk and legacy usage, we don't support or guarantee any of these values so please don't build stuff on top of them. */ HelpCenter = {}; HelpCenter.account = {"subdomain":"responsibledisclosure","environment":"production","name":"Responsible Disclosure"}; HelpCenter.user = {"identifier":"da39a3ee5e6b4b0d3255bfef95601890afd80709","email":null,"name":"","role":"anonymous","avatar_url":"https://web.archive.org/web/20230921191124/https://assets.zendesk.com/hc/assets/default_avatar.png","is_admin":false,"organizations":[],"groups":[]}; HelpCenter.internal = 
{"asset_url":"//web.archive.org/web/20230921191124/https://static.zdassets.com/hc/assets/","web_widget_asset_composer_url":"https://web.archive.org/web/20230921191124/https://static.zdassets.com/ekr/snippet.js","current_session":{"locale":"en-us","csrf_token":null,"shared_csrf_token":null},"settings":{},"usage_tracking":{"event":"front_page_viewed","data":"BAh7BjoKX21ldGF7CzoPYWNjb3VudF9pZGkDwOcaOhNoZWxwX2NlbnRlcl9pZGwrCBOk+rkICToNYnJhbmRfaWRsKwiTXXG2CAk6DHVzZXJfaWQwOhN1c2VyX3JvbGVfbmFtZUkiDkFOT05ZTU9VUwY6BkVUOgtsb2NhbGVJIgplbi11cwY7C1Q=--9858ce0cc007cde299d162def9982e4a83fa9135","url":"https://web.archive.org/web/20230921191124/https://doc.responsibledisclosure.com/hc/activity"},"current_record_id":null,"current_record_url":null,"current_record_title":null,"search_results_count":null,"current_text_direction":"ltr","current_brand":{"id":9933025271187,"account_id":1763264,"name":"Department Of Commerce Responsible Disclosure","active":true,"deleted_at":null,"created_at":"2022-09-28T12:34:18Z","updated_at":"2022-10-29T05:22:56Z","route_id":10119380,"signature_template":"{{agent.signature}}"},"current_brand_url":"https://web.archive.org/web/20230921191124/https://docrd.zendesk.com","current_host_mapping":"doc.responsibledisclosure.com","current_path":null,"authentication_domain":"https://web.archive.org/web/20230921191124/https://responsibledisclosure.zendesk.com","show_autocomplete_breadcrumbs":false,"user_info_changing_enabled":false,"has_user_profiles_enabled":false,"has_end_user_attachments":true,"user_aliases_enabled":false,"has_anonymous_kb_voting":false,"has_multi_language_help_center":true,"show_at_mentions":false,"embeddables_config":{"embeddables_web_widget":false,"embeddables_connect_ipms":false},"base_domain":"zendesk.com","answer_bot_subdomain":"static","manage_content_url":"https://web.archive.org/web/20230921191124/https://doc.responsibledisclosure.com/hc/en-us","arrange_content_url":"https://web.archive.org/web/20230921191124/https://doc.responsibledisc
losure.com/hc/admin/arrange_contents?locale=en-us","general_settings_url":"https://web.archive.org/web/20230921191124/https://doc.responsibledisclosure.com/hc/admin/general_settings?locale=en-us","user_segments_url":"https://web.archive.org/web/20230921191124/https://responsibledisclosure.zendesk.com/knowledge/user_segments?brand_id=9933025271187","has_gather":false,"has_ckeditor":false,"has_community_enabled":false,"has_community_badges":false,"has_community_post_content_tagging":false,"has_gather_content_tags":false,"has_guide_content_tags":true,"has_user_segments":true,"has_answer_bot_web_form_enabled":false,"has_edit_user_profile_v2":false,"has_change_password_modal_v2":false,"has_garden_modals":false,"has_suppress_request_email_modal":true,"billing_url":"/access/return_to?return_to=https%3A%2F%2Fresponsibledisclosure.zendesk.com%2Fadmin%2Fbilling%2Fsubscription","is_account_owner":false,"theming_cookie_key":"hc-da39a3ee5e6b4b0d3255bfef95601890afd80709-2-preview","is_preview":false,"has_alternate_templates":true,"arrange_articles_url":"https://web.archive.org/web/20230921191124/https://responsibledisclosure.zendesk.com/knowledge/arrange?brand_id=9933025271187","article_verification_url":"https://web.archive.org/web/20230921191124/https://responsibledisclosure.zendesk.com/knowledge/verification?brand_id=9933025271187","has_article_verification":true,"guide_language_settings_url":"https://web.archive.org/web/20230921191124/https://doc.responsibledisclosure.com/hc/admin/language_settings?locale=en-us","docs_importer_url":"https://web.archive.org/web/20230921191124/https://responsibledisclosure.zendesk.com/knowledge/import_articles?brand_id=9933025271187","content_tags_url":"https://web.archive.org/web/20230921191124/https://responsibledisclosure.zendesk.com/knowledge/content_tags?brand_id=9933025271187","community_badges_url":"https://web.archive.org/web/20230921191124/https://responsibledisclosure.zendesk.com/knowledge/community_badges?brand_id=9933025271187","com
munity_settings_url":"https://web.archive.org/web/20230921191124/https://responsibledisclosure.zendesk.com/knowledge/community_settings?brand_id=9933025271187","gather_plan_state":"cancelled","search_settings_url":"https://web.archive.org/web/20230921191124/https://responsibledisclosure.zendesk.com/knowledge/search_settings?brand_id=9933025271187","has_multibrand_search_in_plan":true,"has_search_settings_in_plan":true,"theming_api_version":1,"theming_settings":{"color_1":"rgba(0, 89, 156, 1)","color_2":"rgba(0, 89, 156, 1)","color_3":"rgba(37, 34, 40, 1)","color_4":"rgba(0, 89, 156, 1)","color_5":"#ffffff","font_1":"Helvetica, Arial, sans-serif","font_2":"Helvetica, Arial, sans-serif","logo":"//web.archive.org/web/20230921191124/https://theme.zdassets.com/theme_assets/1763264/65d0ce9bb72f761a6c8008ea60d1dd5789b92b8c.svg","favicon":"//web.archive.org/web/20230921191124/https://theme.zdassets.com/theme_assets/1763264/5bcf73e037ed238626496ab3a06348ec0793c519.png","homepage_background_image":"//web.archive.org/web/20230921191124/https://theme.zdassets.com/theme_assets/1763264/80b6f5b5ab7e64e47b3098214dafde1deed3b0ec.svg","community_background_image":"//web.archive.org/web/20230921191124/https://theme.zdassets.com/theme_assets/1763264/ea0fc49e94c74884940bd530924916ea87035a5f.svg","community_image":"//web.archive.org/web/20230921191124/https://theme.zdassets.com/theme_assets/1763264/e58c5e8c3ebf94cbbc4d3669def0adbd7d0ff479.svg"},"has_pci_credit_card_custom_field":true,"current_brand_id":9933025271187,"help_center_restricted":false,"current_brand_active":true,"is_assuming_someone_else":false,"flash_messages":[],"user_photo_editing_enabled":true,"has_end_user_apps":true,"has_request_list_custom_fields":true,"has_docs_importer":false,"has_sunco_widget_kill_switch":false,"user_preferred_locale":"en-us","has_end_user_session_renewal":true,"has_reload_page_after_changing_password":true,"has_user_session_cookie_enabled":false,"has_google_analytics_4":true,"version":"v23543"}; 
</script> <script src="//web.archive.org/web/20230921191124js_/https://static.zdassets.com/hc/assets/moment-4ef0d82f9fc65c8a28f659aa3430955f.js"></script> <script src="//web.archive.org/web/20230921191124js_/https://static.zdassets.com/hc/assets/hc_enduser-633133ec4ccbaccc0d27e99a0d186424.js"></script> </body> </html>