Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

csosa-vdp

BugcrowdView on Bugcrowd

RawAI Enhanced

In Scope

Out of Scope

In-Scope Assets (2)

Asset	Category	Bounty	Quick Links
*.csosa.gov	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://www.csosa.gov/	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa

Scope Changes (10)

Mar 5, 2026

Change	Asset	Category	Scope	Time
Added	https://www.csosa.gov/	URL	In Scope	22:35
Added	*.csosa.gov	URL	In Scope	22:35
Added	*.csosa.gov	WILDCARD	In Scope	22:35
Added	https://www.csosa.gov/	URL	In Scope	22:35

Feb 25, 2026

Change	Asset	Category	Scope	Time
Added	*.csosa.gov	WILDCARD	In Scope	19:22
Added	https://www.csosa.gov/	URL	In Scope	19:22
Added	https://www.csosa.gov/	URL	In Scope	17:21
Added	*.csosa.gov	URL	In Scope	17:21
Added	https://www.csosa.gov/	URL	In Scope	17:21
Added	*.csosa.gov	WILDCARD	In Scope	17:21