Get the full experience when you use our app.READ IN APP
Vulnerability Disclosure Policy
By Washington Post Staff

As a global leader in media as well as SaaS for publishing, The Washington Post embraces responsible software development norms. To support a healthy internet ecology, we are sharing our Vulnerability Disclosure Policy. This policy describes the submission process for security researchers wanting to share their findings with our engineering teams.
Get the full experience.Choose your plan
Our commitment to independent researchers:
Our request:
In-Scope Examples:
BOLAs/IDORs, OWASP API Top 10, multi-stage logic flaws, account enumerations and iteration flaws, XML injections, auth problems, cloud data leakages, critical software version flaws, provable RFIs/LFIs, upload exploits, WAF bypasses.
Below you will find a form where you can submit your findings. Please include accurate and detailed findings to facilitate faster validation. Thank you and happy hunting!
© 1996-2022 The Washington Post
About The Post
Contact the Newsroom
Contact Customer Care
Request a Correction
Send a News Tip
Report a Vulnerability
Download the Washington Post App
Policies & Standards
Terms of Service
Privacy Policy
Cookie Settings
Print Products Terms of Sale
Digital Products Terms of Sale
Submissions & Discussion Policy
RSS Terms of Service
Ad Choices
Accessibility statementSkip to main contentDemocracy Dies in DarknessSubscribe