For DoD Partners
We appreciate your interest in executing a Bug Bounty with us! We bring expertise, long-standing relationships with industry partners and security researchers, and execution authority from the Secretary of Defense, consistent with Vulnerability Disclosure Program principles.
Below you will find answers to common questions and important facts about running a Bug Bounty with us.
Policy Docs: Security Researchers And The Handling Of PII & PHI
In all policy, DoD references the standing OMB Memo M-17-12, which defines PII/PHI and its handling. View M-17-12 →
OMB Memo M-20-32 clarifies how vulnerability discovery programs impact existing guidance, including M-17-12 and PII/PHI. The clearest guidance comes from the first section, specifically bullet point five, which DDS believes exempts activity done within the scope of authorized testing from the consequences of M-17-12. View M-20-32 →