Vulnerability Disclosure Policy

Cuyahoga County is committed to ensuring the security of the Cuyahoga County citizens and the American public by protecting their information from unwarranted disclosure. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us.

This policy describes what systems and types of research are covered under this policy, how to send us vulnerability reports, and how long we ask security researchers to wait before publicly disclosing vulnerabilities.

We want security researchers to feel comfortable reporting vulnerabilities discovered – as set out in this policy – so we can fix them and keep our users and citizens safe. We have developed this policy to reflect our values and uphold our sense of responsibility to security researchers who share their expertise with us in good faith.

 

Vulnerability Disclosure Policy

Guidelines
Expectations
Authorization
Sensitive information
Scope
Reporting a Vulnerability
Official Reporting Channel
Coordinated Disclosure
Document Change History

 

 


  
How could we make it better?
   Please leave a comment before submitting.
Thank you for your feedback
Your feedback means a lot to us. We use it to improve the experience of all of our users.