The Federal Retirement Thrift Investment Board (FRTIB) is committed to ensuring the security of FRTIB information and to preventing unauthorized access, modification, use, or disclosure. FRTIB recognizes that a vulnerability disclosure policy is an important element of an effective vulnerability management program and critical to the security of internet-accessible information systems. FRTIB is publishing a vulnerability disclosure policy in order to encourage meaningful collaboration between the FRTIB and the public and to enable the FRTIB to remediate vulnerabilities before they can be exploited by an adversary.

The purpose of this policy is to establish the FRTIB Vulnerability Disclosure Policy, to define authorized and prohibited research and activities, to define how vulnerabilities are reported and communicated to the Agency, and the requirements for disclosing vulnerability information to public on behalf of the Agency as a ‘Reporter’.

Scope

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

Learn more about Bugcrowd’s VRT.