As a component of DHS, CBP has an information and communications technology footprint that is tightly interwoven and globally deployed. Many DHS/CBP technologies are deployed in critical infrastructure systems and, to varying degrees, support ongoing homeland security operations.
CBP’s information systems provide essential services in support of our mission to protect the American people, safeguard our borders, and enhance the nation’s economic prosperity. To carry out this mission, we are committed to diligently maintaining the security of our information systems.
CBP recognizes that security researchers regularly contribute to the work of securing organizations and the internet. Therefore, CBP invites reports of any vulnerabilities discovered on internet-accessible CBP information systems, applications, and websites.1 Information submitted to CBP under this policy will be used for defensive purposes, that is, to mitigate or remediate vulnerabilities in our networks. This program upholds the DHS motto “See Something – Say Something” in the virtual environment by positively engaging with and establishing a communication loop between researchers and CBP.
Before submitting vulnerability information, please read our Vulnerability Disclosure Policy (VDP).
If you have a vulnerability of CBP systems that you would like to submit for consideration, please visit the CBP Responsible Disclosure site
- You are leaving a CBP operated site and entering a non-federal Web site.
- This external link provides Vulnerability Disclosure services and no other services for CBP.
- Linking to this non-federal site does not constitute an endorsement by CBP or any of its employees of the sponsors or the information and products presented on the site.
- You should read the ResponsibleDisclosure.com Terms of Service when visiting the site
1 These websites constitute “information systems” as defined by 44 U.S.C. 3502(8).
Vulnerability Disclosure Program Policy and Rules of Engagement