Responsible Vulnerability Disclosure Process

Subheader

At RSAC, we take your safety, security and privacy seriously. We appreciate and encourage security researchers to contact us to report potential vulnerabilities. We believe that responsible security research and disclosure help us continually improve how we keep our members, partners, and employees safe. We are committed to protecting our members' privacy and the personal data we receive from them, which is why we offer a vulnerability disclosure process. We believe that this process will further bolster our security and allow us to continue to provide excellent service to our members.

If you think you have discovered a potential vulnerability that affects our platform, apps and/or online portals, please share it with us by completing the submission form below and following the submission guidelines in accordance with and subject to the Membership Terms of Service.

RSAC recommends that security researchers share the details of any suspected vulnerabilities across any in-scope assets using the web form below, which will submit the report directly to RSAC's vulnerability disclosure program hosted and managed by Bugcrowd. RSAC strives to address any in-scope leverageable vulnerability in a timely manner.

Although your participation is expressly optional and RSAC will not be providing any compensation for your participation in this process, participants who identify, responsibly disclose and help resolve key issues relating to our platform, apps and/or online portals will receive recognition through Bugcrowd's researcher points system. These points are awarded based on submission quality and help researchers build their professional reputation within the security community. See Bugcrowd Terms for more details. Further, any information provided through this process will constitute "Feedback" as defined in the Membership Terms of Service. By participating in the vulnerability disclosure program, you agree to comply with these terms and the requirements and guidelines included here.