Vulnerability Disclosure Policy

The Permitting Council is committed to maintaining the security of our systems and protecting sensitive information from unauthorized disclosure. 

This Vulnerability Disclosure Policy (VDP) describes the activities that can be undertaken by security researchers to find and report vulnerabilities in internet-accessible systems and services in a legally authorized manner. Security researchers can be any person of any age or affiliation located anywhere in the world.

Security researchers should feel comfortable reporting vulnerabilities discovered, as defined in this policy, to afford Permitting Council the opportunity to remediate the findings for the purpose of ensuring confidentiality and keeping the information safe. 

The U.S. General Service Administration’s Vulnerability Disclosure Policy also applies to all Permitting Council managed systems and services that are accessible from the Internet. This includes the registered domain names: https://www.fpisc.gov and https://www.permitting.gov.