Vulnerability Disclosure Policy

The strength and vitality of the U.S. economy depends directly on effective mechanisms that protect new ideas and investments in innovation and creativity. The United States Patent and Trademark Office (“USPTO” or ‘we”) is committed to ensuring that the data stored within all USPTO systems is safe and secure. This commitment can be fulfilled not only by the dedicated staff of the USPTO, but also by external researchers with the right expertise. This policy is intended to give those security researchers (“security researcher” or “you”) clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us.

This policy describes what systems and types of research are covered under this policy, how to send us vulnerability reports, and how long we require security researchers to wait before publicly disclosing vulnerabilities.

We encourage security researchers to contact us when reporting potential vulnerabilities discovered in the systems within the scope of this policy via the methods below.