- If you've found a security or privacy issue on the .gov top-level domain infrastructure, submit it to our vulnerabilty disclosure form or email [email protected].
- If you see a security or privacy issue on an individual .gov domain, check current-full.csv to see whether the domain has a security contact to report your finding directly. You are welcome to Cc [email protected] on the email.
- If you are unable to find a contact or receive no response from the security contact, email [email protected].
Note that most federal (executive branch) agencies maintain a vulnerability disclosure policy.