NEW YORK POST’S VULNERABILITY DISCLOSURE PROGRAM
Effective Date: January 1, 2023

1.  WHAT IS A SECURITY VULNERABILITY?

A security vulnerability is a weakness, flaw, or error found within a system that has the potential to be leveraged by a threat agent to compromise the confidentiality, integrity or availability of the system.

The New York Post values the efforts of and role that the information security community plays to identify new threats and help businesses to protect their information assets. We encourage the reporting of any possible security vulnerabilities that may be found in the New York Post’s information assets. The New York Post takes security seriously and will investigate all reported vulnerabilities. If you have any information about a possible security vulnerability in the New York Post’s information assets, please let us know right away.

2.  HOW TO REPORT A SECURITY VULNERABILITY:

Our vulnerability disclosure program is managed by Bugcrowd. Submissions are subject to Bugcrowd’s Standard Disclosure Terms.

Please send us an email at vdp@nypost.com and include relevant information listed under Bugcrowd’s Report a Bug page. We will forward your email to Bugcrowd.

3.  PUBLIC NOTIFICATION:

In order to protect our customers, the New York Post asks that you do not post or share any information about a potential vulnerability in a public setting until we have researched, responded to and addressed the vulnerability.