Vulnerability Disclosure Program

Overview

At the Collier County Sheriff's Office, the security of our systems and data is a top priority.

We believe in working proactively with the security community to identify and remediate potential vulnerabilities before they can be exploited. That’s why we’ve partnered with Bugcrowd to provide security researchers with a safe and confidential way to responsibly disclose their findings.

By using the form below, we can work together to strengthen the protection and security of our digital systems and sensitive data.

Responsible Disclosure Guidelines

  • Do not exploit vulnerabilities beyond what is necessary to prove their existence.
  • Do not modify or destroy any data.
  • Do not impact the availability of our services.
  • Do not disclose any findings or data to third parties or the public.
  • Do allow us a reasonable amount of time to respond, no less than 30 days.
  • Do allow us a reasonable amount of time to remediate, no less than 90 days.

Safe Harbor

If you follow these guidelines and act in good faith, we will not initiate legal action against you. We consider activities conducted in accordance with this program to be authorized conduct.

In Scope

The following assets and vulnerability types are considered in-scope for this program:

  • All publicly accessible production systems owned and operated by Collier County Sheriff's Office
  • colliersheriff.org and subdomains
  • Authentication bypass, privilege escalation, remote code execution
  • Cross-Site Scripting (XSS), SQL injection, CSRF, SSRF
  • Exposed credentials, misconfigured security headers, open S3 buckets

Out of Scope

The following are not eligible for submission under this program:

  • Denial of Service (DoS) or brute-force attacks
  • Physical security testing or social engineering (including phishing)
  • Reports involving third-party services or applications not under our control
  • Clickjacking on pages with no sensitive content
  • Use of automated scanners or fuzzers with no actionable results
  • Rate limiting or CAPTCHA bypass unless it leads to significant risk

Reporting a Vulnerability

To submit a vulnerability report, please use the form embedded below. Our team will review your submission and respond as quickly as possible.