Login.gov · Vulnerability Disclosure

Login Gov Vulnerability Disclosure

Vulnerability disclosure

Login.gov runs a coordinated vulnerability disclosure program on Hackerone. A machine-readable /.well-known/security.txt is served. A dedicated security contact is published.

GovernmentFederalGSAIdentityAuthenticationSSOOIDCSAMLIAL2AAL2
Program: Hackerone security.txt present

Disclosure Policy

Policy

Security Contact

Contact
https://hackerone.com/gsa_bbp
Contact
https://login.gov/contact/
Contact
mailto:security@login.gov

Source

Vulnerability Disclosure

Raw ↑
generated: '2026-07-11'
method: searched
probe: true
source: https://www.login.gov/.well-known/security.txt
policy:
- https://handbook.tts.gsa.gov/general-information-and-resources/tech-policies/responding-to-public-disclosure-vulnerabilities/
contact:
- https://hackerone.com/gsa_bbp
- https://login.gov/contact/
- mailto:security@login.gov
evidence:
- source: https://www.login.gov/.well-known/security.txt
  kind: security.txt (live probe)