Skip to main content

News UK Vulnerability Disclosure Programme

 

1. What is a security vulnerability?

A security vulnerability is a weakness, flaw, or error found within a system that has the potential to be leveraged by a threat agent to compromise the confidentiality, integrity or availability of the system.

News UK values the efforts of and role that the information security community plays to identify new threats and help businesses to protect their information assets. We encourage the reporting of any possible security vulnerabilities that may be found in our information assets. We take security seriously and will investigate all reported vulnerabilities. If you have any information about a possible security vulnerability in our information assets, please let us know right away.

2. How to report a security vulnerability:

Our vulnerability disclosure programme is managed by Bugcrowd. Submissions are subject to Bugcrowd’s Standard Disclosure Terms. Please send an email to newsuk@submit.bugcrowd.com and include any relevant information listed under Bugcrowd’s Report a Bug page.

3. Public notification:

In order to protect our customers, News UK asks that you do not post or share any information about a potential vulnerability in a public setting until we have researched, responded to and addressed the vulnerability.