Git Product home page Git Product logo

hack-your-government's Introduction

Can you hack your government?

Vulnerability disclosure policies and bug bounty programs are becoming standard across industry and government. Beginning with the U.S. Department of Defense, several government agencies worldwide have implemented vulnerability disclosure programs.

This is a list of government agencies that have bug bounty programs or vulnerability disclosure policies. Please submit a pull request if any government agencies are missing from this list.

Note: This list is not an invitation to hack any of the listed organizations. Ensure that you comply with all listed terms of an organization's vulnerability disclosure policy.

Organization Type Rewards Link Notes
U.S. Department of Defense VDP None https://hackerone.com/deptofdefense Safe Harbor
U.S. Department of Defense Bug Bounty Varies Private, time-limited challenges
GSA Technology Transformation Services Bug Bounty $150-$5,000 https://hackerone.com/tts Safe Harbor
Centers for Medicare & Medicaid Services (CMS) VDP None https://www.cms.gov/Research-Statistics-Data-and-Systems/CMS-Information-Technology/CIO-Directives-and-Policies/Downloads/CMS-Vulnerability-Disclosure-Policy.pdf Safe Harbor
State of Delaware VDP https://delaware.gov/help/responsible-disclosure.shtml Partial Safe Harbor
Washington D.C. VDP None https://octo.dc.gov/sites/default/files/dc/sites/octo/publication/attachments/Responsible%20Disclosure%20Policy%20.pdf
Netherlands NCSC VDP Up to โ‚ฌ300 https://www.ncsc.nl/security
Netherlands Central Government VDP https://www.government.nl/topics/cybercrime/fighting-cybercrime-in-the-netherlands/responsible-disclosure
United Kingdom NCSC VDP None https://hackerone.com/ncsc_uk

Other government agencies offer avenues for disclosure without providing authorization or a safe harbor. As such, participate in these programs at your own risk and assume no legal protections. Some examples include the following.

Organization Link Notes
DHS via U.S. CERT https://www.kb.cert.org/vuls/govreport/
UK Government via NCSC https://www.ncsc.gov.uk/information/vulnerability-reporting
Government of India via NCIIPC https://nciipc.gov.in/RVDP.html

hack-your-government's People

Contributors

cablej avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.