U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

  1. Home
  2. Directives
  3. Vulnerability Disclosure Program Policy and Rules of Engagement

Vulnerability Disclosure Program Policy and Rules of Engagement

Directives
Document Posting Date

As a component of DHS, CBP has an information and communications technology footprint that is tightly interwoven and globally deployed. Many DHS/CBP technologies are deployed in critical infrastructure systems and, to varying degrees, support ongoing homeland security operations.

CBP’s information systems provide essential services in support of our mission to protect the American people, safeguard our borders, and enhance the nation’s economic prosperity. To carry out this mission, we are committed to diligently maintaining the security of our information systems.

CBP recognizes that security researchers regularly contribute to the work of securing organizations and the internet. Therefore, CBP invites reports of any vulnerabilities discovered on internet-accessible CBP information systems, applications, and websites.1  Information submitted to CBP under this policy will be used for defensive purposes, that is, to mitigate or remediate vulnerabilities in our networks. This program upholds the DHS motto “See Something – Say Something” in the virtual environment by positively engaging with and establishing a communication loop between researchers and CBP.

Before submitting vulnerability information, please read our Vulnerability Disclosure Policy (VDP).

If you have a vulnerability of CBP systems that you would like to submit for consideration, please visit the CBP Responsible Disclosure site

You are now leaving an official website of the United States Government (USG), the Department of Homeland Security (DHS) and U.S. Customs and Border Protection (CBP). Links to non-USG, non-DHS and non-CBP sites are provided for the visitor's convenience and do not represent an endorsement by USG, DHS, or CBP of any commercial or private issues, products, or services. Note that the privacy policy [and terms of service] of the linked site may differ from that of USG, DHS, and CBP.

  • You are leaving a CBP operated site and entering a non-federal Web site.
  • This external link provides Vulnerability Disclosure services and no other services for CBP.
  • Linking to this non-federal site does not constitute an endorsement by CBP or any of its employees of the sponsors or the information and products presented on the site.
  • You will be subject to the destination site’s privacy policy when you leave this site.
  • You should read the ResponsibleDisclosure.com Terms of Service when visiting the site

1 These websites constitute “information systems” as defined by 44 U.S.C. 3502(8).

  • Last Modified: September 21, 2022