• If you've found a security or privacy issue on the .gov top-level domain infrastructure, submit it to our vulnerabilty disclosure form or email [email protected].
• If you see a security or privacy issue on an individual .gov domain, check current-full.csv to see whether the domain has a security contact to report your finding directly. You are welcome to Cc [email protected] on the email.
  • If you are unable to find a contact or receive no response from the security contact, email [email protected].

Note that most federal (executive branch) agencies maintain a vulnerability disclosure policy.