|
|
|
|
|
|
by ab
2579 days ago
|
|
|
If there's not an obvious security contact at the agency, you can always report vulnerabilities to US-CERT, which has overall responsibility for connecting reporters to the right responders. https://www.us-cert.gov/ This links to the report form at https://www.kb.cert.org/vuls/govreport/ As with all vulnerability reporting, it's much more likely that someone will take action on your report if you can provide evidence or a reproducible proof of concept. 18F/TTS can sometimes direct reports to the right place, but it's really not their job to do so. |
|
|