The Federal Permitting Improvement Steering Council (the "Permitting Council") is committed to maintaining the security of our systems and protecting sensitive information from unauthorized disclosure.
This Vulnerability Disclosure Policy (VDP) describes the activities that can be undertaken by security researchers to find and report vulnerabilities in internet-accessible systems and services in a legally authorized manner. Security researchers can be any person of any age or affiliation located anywhere in the world.
Security researchers should feel comfortable reporting vulnerabilities discovered, as defined in this policy, to afford Permitting Council the opportunity to remediate the findings for the purpose of ensuring confidentiality and keeping the information safe.
We encourage you to contact us to report potential vulnerabilities in our systems.
The below linked Department of Transportation’s Vulnerability Disclosure Policy also applies to all Federal Permitting Improvement Steering Council managed systems and services that are accessible from the Internet. This includes the registered domain names: https://www.fpisc.gov and https://www.permitting.gov which redirects to https://www.permits.performance.gov
Vulnerability Disclosure Policy - U.S. Department of Transportation