/
Disclosure Policy

Disclosure Policy

Owned by Petteri Kivimäki
May 16, 2023
1 min read

NIIS supports the responsible disclosure of vulnerabilities. However, due to X-Road’s use in government agencies worldwide, it is necessary for NIIS to ensure that sufficient time is available for users to patch their instances of X-Road prior to the public disclosure of any vulnerability. As such, we ask that you mention your intention to publicly disclose a vulnerability when you submit a finding to this program and wait for NIIS to grant approval before publicly disclosing your findings. Findings that are publicly disclosed without NIIS approval will not be eligible for a bounty.

Related content

Program rules
Program rules
X-Road Bug Bounty Program
More like this
Scope
Scope
X-Road Bug Bounty Program
More like this
Rewards
Rewards
X-Road Bug Bounty Program
More like this
How does NIIS help us to look further into X-Road?
How does NIIS help us to look further into X-Road?
X-Road Knowledge Base
More like this
2023-09-20
2023-09-20
X-Road Community Expert Group
More like this
Program Overview
Program Overview
X-Road Bug Bounty Program
More like this