Banner object (1)

Hack and Take the Cash !

836 bounties in database
  Back Link to program      
08/08/2019
NCSC UK  logo
Thanks
Gift
Hall of Fame
Reward

NCSC UK

This policy is intended to give guidelines for submitting vulnerabilities discovered in the UK’s National Cyber Security Centre web platform and its subdomains:
*.ncsc.gov.uk.

If you believe you've found a vulnerability in a UK government website or system, please contact the owner. If there is not a point of contact (or no response) you can report the vulnerability here __.

What We’ll Do

We’ll make a best effort respond to your report within 5 working days and aim to triage your report within 10 working days. We’ll also try to keep you informed about our progress throughout the process.

Once your vulnerability has been resolved, we welcome requests to disclose your report via the HackerOne platform.

NCSC are excited to recognise contributions to making our web platform more secure via this HackerOne VDP. However, we do not offer monetary rewards for vulnerability disclosures.

Guidelines

  • Please do not publicly disclose any details of the vulnerability, indicator of vulnerability, or the content of information rendered available by a vulnerability, except upon receiving consent from NCSC.
  • Please follow HackerOne's disclosure guidelines __.
  • Provide detailed reports with reproducible steps.
  • Submit one vulnerability per report.
  • Avoid submitting unvalidated reports from automated vulnerability scanners.
  • Use the HackerOne contact channels to discuss a vulnerability report.
  • Please do no harm and do not exploit any vulnerability beyond the minimal amount of testing required to prove that a vulnerability exists or to identify an indicator related to a vulnerability.
  • Please avoid intentionally accessing the content of any communications, data, or information transiting or stored on NCSC information system(s) – except to the extent that the information is directly related to a vulnerability and the access is necessary to prove that the vulnerability exists.
  • Please do not exfiltrate any data under any circumstances.
  • Please do not intentionally compromise the privacy or safety of NCSC personnel, or any third parties.
  • Please do not conduct denial of service testing.
  • Please do not conduct social engineering, including spear phishing.
  • Vulnerabilities in third-party systems are not covered by this VDP.
  • For issues that do not represent a security risk please Contact NCSC __.
  • If you believe you've found a vulnerability in a UK government website or system, please contact the owner. If there is not a point of contact (or no response) you can report the vulnerability here __.

Thank you for your help!

In Scope

Scope Type Scope Name
web_application

*.ncsc.gov.uk


This program have been found on Hackerone on 2019-08-08.

FireBounty © 2015-2019

Legal notices