Vulnerability Disclosure Program Policy and Rules of Engagement
As part of DHS, CBP has an information and communications technology infrastructure that is highly integrated and deployed globally. Many DHS/CBP technologies are implemented in critical infrastructure systems and, to varying extents, support ongoing homeland security operations.
CBPβs information systems play a crucial role in supporting our mission to protect the American people, secure our borders, and promote the nationβs economic prosperity. In fulfilling this mission, we are dedicated to consistently maintaining the security of our information systems.
CBP acknowledges the valuable contributions of security researchers in securing organizations and the internet. As such, CBP encourages the reporting of any vulnerabilities found in internet-accessible CBP information systems, applications, and websites. Information submitted under this policy will be used for defensive purposes, specifically to mitigate or address vulnerabilities within our networks. This program aligns with the DHS motto βSee Something β Say Somethingβ in the digital realm by fostering positive engagement and creating a communication loop between researchers and CBP.
Before submitting vulnerability information, please review our Vulnerability Disclosure Policy (VDP).
If you have a vulnerability of CBP systems that you would like to submit for consideration, please visit the CBP Responsible Disclosure site.
You are now leaving an official website of the United States Government (USG), the Department of Homeland Security (DHS), and U.S. Customs and Border Protection (CBP). Links to non-USG, non-DHS, and non-CBP sites are provided for your convenience and do not constitute an endorsement by USG, DHS, or CBP of any commercial or private issues, products, or services. Please be aware that the privacy policy (and terms of service) of the linked site may differ from that of USG, DHS, and CBP.
- You are leaving a CBP operated site and entering a non-federal Web site.
- This external link provides Vulnerability Disclosure services and no other services for CBP.
- Linking to this non-federal site does not constitute an endorsement by CBP or any of its employees of the sponsors or the information and products presented on the site.
- You will be subject to the destination siteβs privacy policy when you leave this site.
- You should read the ResponsibleDisclosure.com Terms of Service when visiting the site
1 These websites constitute βinformation systemsβ as defined by 44 U.S.C. 3502(8).