GDIT is committed to protecting the security and privacy of our customers, partners, and systems. This Vulnerability Disclosure Program (VDP) outlines how to report potential security vulnerabilities in our systems, applications, or infrastructure. GDIT encourages submissions from individuals or organizations who follow responsible disclosure practices and act in good faith.
If you believe you have identified a potential vulnerability, GDIT appreciates your help in bringing it to our attention using the form below.
If you make a good faith effort to comply with this policy during your security research, GDIT will consider your research to be authorized. GDIT will work with you to understand and resolve the issue quickly, and GDIT will not recommend or pursue legal action related to your research. Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.
By participating in this program, you agree with the following:
Once you’ve established that a vulnerability exists or encounter any sensitive data (including personally identifiable information, financial information, or proprietary information or trade secrets of any party), you must stop your test, notify us immediately, and not disclose this data to anyone else.
GDIT does not operate a bug bounty program and will not offer financial compensation or rewards for vulnerability submissions.
The following test methods are not authorized:
This policy applies to the following systems and services:
*.gdit.com
Any services not expressly listed above, such as any connected services, are excluded from scope and are not authorized for testing. Additionally, vulnerabilities found in systems from our vendors fall outside of this policy’s scope and should be reported directly to the vendor according to their disclosure policy (if any).
Though we develop and maintain other internet-accessible systems or services, GDIT asks that active research and testing only be conducted on the systems and services covered by the scope of this document. If there is a particular system not in scope that you think merits testing, please contact us to discuss it first. We will increase the scope of this policy over time.
Public disclosure of vulnerabilities identified through this program is not permitted. Participants must refrain from sharing any details of reported vulnerabilities publicly.
GDIT appreciates and encourages responsible security research that helps us improve the safety and integrity of our systems. If you believe you have discovered a security vulnerability in one of our systems, services, or applications, please follow the steps below to report it to us.
When submitting a vulnerability, please include as much of the following information as possible to help us triage and respond quickly:
GDIT values every vulnerability disclosure and appreciates the time, effort, and expertise that you have invested in identifying potential issues. GDIT is committed to working collaboratively with researchers. Our efforts include: