When conducting vulnerability research according to this policy, we consider this research to be:
- Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) (and/or similar state laws), and we will not initiate or support legal action against you for accidental, good faith violations of this policy;
- Exempt from the Digital Millennium Copyright Act (DMCA), and we will not bring a claim against you for circumvention of technology controls;
- Exempt from restrictions in our Terms & Conditions that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this policy; and
- Lawful, helpful to the overall security of the Internet, and conducted in good faith.
- You are expected, as always, to comply with all applicable laws.
If you have concerns or are uncertain whether your security research is consistent with this policy, please inquire via committees and group leaders before going any further.
- Reach Stewardship Developers
- Request to join Bug Bounty Group
- Publish Bug Proposal(s) in Environmental Sector
- Get Reviews on Your Proposal(s)
- Check Business Requirements With Policy Committee
- Check Business Requirements With Entrepreneurship Committee
- Check Technical Requirements With Development Committee