Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
dhs-vdp
42
In Scope
1
Out of Scope
In-Scope Assets (42)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| *.BIOMETRICS.GOV | URL | No | ||
| *.CBP.GOV | URL | No | ||
| *.CISA.GOV | URL | No | ||
| *.CPNIREPORTING.GOV | URL | No | ||
| *.CYBER.GOV | URL | No | ||
| *.CYBERSECURITY.GOV | URL | No | ||
| *.DISASTERASSISTANCE.GOV | URL | No | ||
| *.DOTGOV.GOV | URL | No | ||
| *.E-VERIFY.GOV | URL | No | ||
| *.EVERIFY.GOV | URL | No | ||
| *.EVUS.GOV | URL | No | ||
| *.FEMA.GOV | URL | No | ||
| *.FIRSTRESPONDERTRAINING.GOV | URL | No | ||
| *.FLETA.GOV | URL | No | ||
| *.FLETC.GOV | URL | No | ||
| *.FLOODSMART.GOV | URL | No | ||
| *.GET.GOV | URL | No | ||
| *.GLOBALENTRY.GOV | URL | No | ||
| *.HOMELANDSECURITY.GOV | URL | No | ||
| *.ICE.GOV | URL | No | ||
| *.JUNTOS.GOV | URL | No | ||
| *.LISTO.GOV | URL | No | ||
| *.NIC.GOV | URL | No | ||
| *.NIEM.GOV | URL | No | ||
| *.NMSC.GOV | URL | No | ||
| *.POWER2PREVENT.GOV | URL | No | ||
| *.PREVENTIONRESOURCEFINDER.GOV | URL | No | ||
| *.READY.GOV | URL | No | ||
| *.READYBUSINESS.GOV | URL | No | ||
| *.SAFETYACT.GOV | URL | No | ||
| *.SCHOOLSAFETY.GOV | URL | No | ||
| *.SECRETSERVICE.GOV | URL | No | ||
| *.STOPRANSOMWARE.GOV | URL | No | ||
| *.TOGETHER.GOV | URL | No | ||
| *.TRUMPCARD.GOV | URL | No | ||
| *.TSA.GOV | URL | No | ||
| *.US-CERT.GOV | URL | No | ||
| *.USCG.GOV | URL | No | ||
| *.USCIS.GOV | URL | No | ||
| *.USSS.GOV | URL | No | ||
| *.dhs.gov | URL | No | ||
| https://trumpcard.gov | URL | No |
Out-of-Scope Assets (1)
| Asset | Category | Bounty | |
|---|---|---|---|
| All third party sites and endpoints | OTHER | No |
Scope Changes (215)
Mar 5, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | *.cbp.gov | WILDCARD | In Scope | 22:39 |
| Added | *.nic.gov | WILDCARD | In Scope | 22:39 |
| Added | *.everify.gov | WILDCARD | In Scope | 22:39 |
| Added | *.disasterassistance.gov | WILDCARD | In Scope | 22:39 |
| Added | *.cisa.gov | WILDCARD | In Scope | 22:39 |
| Added | *.stopransomware.gov | WILDCARD | In Scope | 22:39 |
| Added | *.secretservice.gov | WILDCARD | In Scope | 22:39 |
| Added | *.nmsc.gov | WILDCARD | In Scope | 22:39 |
| Added | *.listo.gov | WILDCARD | In Scope | 22:39 |
| Added | *.nmsc.gov | URL | In Scope | 22:39 |
| Added | *.cpnireporting.gov | WILDCARD | In Scope | 22:39 |
| Added | *.us-cert.gov | WILDCARD | In Scope | 22:39 |
| Added | *.tsa.gov | WILDCARD | In Scope | 22:39 |
| Added | *.ice.gov | WILDCARD | In Scope | 22:39 |
| Added | *.homelandsecurity.gov | WILDCARD | In Scope | 22:39 |
| Added | *.get.gov | WILDCARD | In Scope | 22:39 |
| Added | *.fletc.gov | WILDCARD | In Scope | 22:39 |
| Added | all third party sites and endpoints | OTHER | Out of Scope | 22:39 |
| Added | *.dhs.gov | URL | In Scope | 22:39 |
| Added | *.biometrics.gov | URL | In Scope | 22:39 |
| Added | *.cbp.gov | URL | In Scope | 22:39 |
| Added | *.cisa.gov | URL | In Scope | 22:39 |
| Added | *.cpnireporting.gov | URL | In Scope | 22:39 |
| Added | *.cyber.gov | URL | In Scope | 22:39 |
| Added | *.cybersecurity.gov | URL | In Scope | 22:39 |
| Added | *.disasterassistance.gov | URL | In Scope | 22:39 |
| Added | *.dotgov.gov | URL | In Scope | 22:39 |
| Added | *.e-verify.gov | URL | In Scope | 22:39 |
| Added | *.everify.gov | URL | In Scope | 22:39 |
| Added | *.evus.gov | URL | In Scope | 22:39 |
| Added | *.fema.gov | URL | In Scope | 22:39 |
| Added | *.firstrespondertraining.gov | URL | In Scope | 22:39 |
| Added | *.fleta.gov | URL | In Scope | 22:39 |
| Added | *.fletc.gov | URL | In Scope | 22:39 |
| Added | *.floodsmart.gov | URL | In Scope | 22:39 |
| Added | *.get.gov | URL | In Scope | 22:39 |
| Added | *.globalentry.gov | URL | In Scope | 22:39 |
| Added | *.homelandsecurity.gov | URL | In Scope | 22:39 |
| Added | *.ice.gov | URL | In Scope | 22:39 |
| Added | *.juntos.gov | URL | In Scope | 22:39 |
| Added | *.listo.gov | URL | In Scope | 22:39 |
| Added | *.nic.gov | URL | In Scope | 22:39 |
| Added | *.niem.gov | URL | In Scope | 22:39 |
| Added | https://trumpcard.gov | URL | In Scope | 22:39 |
| Added | all third party sites and endpoints | OTHER | Out of Scope | 22:39 |
| Added | https://trumpcard.gov | URL | In Scope | 22:39 |
| Added | *.trumpcard.gov | URL | In Scope | 22:39 |
| Added | *.usss.gov | URL | In Scope | 22:39 |
| Added | *.uscis.gov | URL | In Scope | 22:39 |
| Added | *.uscg.gov | URL | In Scope | 22:39 |
| Added | *.us-cert.gov | URL | In Scope | 22:39 |
| Added | *.tsa.gov | URL | In Scope | 22:39 |
| Added | *.together.gov | URL | In Scope | 22:39 |
| Added | *.stopransomware.gov | URL | In Scope | 22:39 |
| Added | *.secretservice.gov | URL | In Scope | 22:39 |
| Added | *.schoolsafety.gov | URL | In Scope | 22:39 |
| Added | *.safetyact.gov | URL | In Scope | 22:39 |
| Added | *.readybusiness.gov | URL | In Scope | 22:39 |
| Added | *.ready.gov | URL | In Scope | 22:39 |
| Added | *.preventionresourcefinder.gov | URL | In Scope | 22:39 |
| Added | *.power2prevent.gov | URL | In Scope | 22:39 |
| Added | *.usss.gov | WILDCARD | In Scope | 22:39 |
| Added | *.safetyact.gov | WILDCARD | In Scope | 22:39 |
| Added | *.firstrespondertraining.gov | WILDCARD | In Scope | 22:39 |
| Added | *.cyber.gov | WILDCARD | In Scope | 22:39 |
| Added | *.together.gov | WILDCARD | In Scope | 22:39 |
| Added | *.readybusiness.gov | WILDCARD | In Scope | 22:39 |
| Added | *.globalentry.gov | WILDCARD | In Scope | 22:39 |
| Added | *.fleta.gov | WILDCARD | In Scope | 22:39 |
| Added | *.evus.gov | WILDCARD | In Scope | 22:39 |
| Added | *.dotgov.gov | WILDCARD | In Scope | 22:39 |
| Added | *.uscis.gov | WILDCARD | In Scope | 22:39 |
| Added | *.uscg.gov | WILDCARD | In Scope | 22:39 |
| Added | *.schoolsafety.gov | WILDCARD | In Scope | 22:39 |
| Added | *.preventionresourcefinder.gov | WILDCARD | In Scope | 22:39 |
| Added | *.niem.gov | WILDCARD | In Scope | 22:39 |
| Added | *.e-verify.gov | WILDCARD | In Scope | 22:39 |
| Added | *.biometrics.gov | WILDCARD | In Scope | 22:39 |
| Added | *.dhs.gov | WILDCARD | In Scope | 22:39 |
| Added | *.trumpcard.gov | WILDCARD | In Scope | 22:39 |
| Added | *.juntos.gov | WILDCARD | In Scope | 22:39 |
| Added | *.floodsmart.gov | WILDCARD | In Scope | 22:39 |
| Added | *.cybersecurity.gov | WILDCARD | In Scope | 22:39 |
| Added | *.ready.gov | WILDCARD | In Scope | 22:39 |
| Added | *.power2prevent.gov | WILDCARD | In Scope | 22:39 |
| Added | *.fema.gov | WILDCARD | In Scope | 22:39 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | *.disasterassistance.gov | WILDCARD | In Scope | 19:21 |
| Added | *.preventionresourcefinder.gov | WILDCARD | In Scope | 19:21 |
| Added | *.cbp.gov | WILDCARD | In Scope | 19:21 |
| Added | *.dotgov.gov | WILDCARD | In Scope | 19:21 |
| Added | *.everify.gov | WILDCARD | In Scope | 19:21 |
| Added | *.evus.gov | WILDCARD | In Scope | 19:21 |
| Added | *.fleta.gov | WILDCARD | In Scope | 19:21 |
| Added | *.fletc.gov | WILDCARD | In Scope | 19:21 |
| Added | *.globalentry.gov | WILDCARD | In Scope | 19:21 |
| Added | *.power2prevent.gov | WILDCARD | In Scope | 19:21 |
| Added | *.stopransomware.gov | WILDCARD | In Scope | 19:21 |
| Added | *.together.gov | WILDCARD | In Scope | 19:21 |
| Added | *.us-cert.gov | WILDCARD | In Scope | 19:21 |
| Added | *.biometrics.gov | WILDCARD | In Scope | 19:21 |
| Added | *.cpnireporting.gov | WILDCARD | In Scope | 19:21 |
| Added | *.fema.gov | WILDCARD | In Scope | 19:21 |
| Added | *.get.gov | WILDCARD | In Scope | 19:21 |
| Added | *.juntos.gov | WILDCARD | In Scope | 19:21 |
| Added | *.tsa.gov | WILDCARD | In Scope | 19:21 |
| Added | *.uscg.gov | WILDCARD | In Scope | 19:21 |
| Added | *.dhs.gov | WILDCARD | In Scope | 19:21 |
| Added | *.cyber.gov | WILDCARD | In Scope | 19:21 |
| Added | *.cybersecurity.gov | WILDCARD | In Scope | 19:21 |
| Added | *.firstrespondertraining.gov | WILDCARD | In Scope | 19:21 |
| Added | *.readybusiness.gov | WILDCARD | In Scope | 19:21 |
| Added | *.trumpcard.gov | WILDCARD | In Scope | 19:21 |
| Added | https://trumpcard.gov | URL | In Scope | 19:21 |
| Added | *.listo.gov | WILDCARD | In Scope | 19:21 |
| Added | *.homelandsecurity.gov | WILDCARD | In Scope | 19:21 |
| Added | *.niem.gov | WILDCARD | In Scope | 19:21 |
| Added | *.safetyact.gov | WILDCARD | In Scope | 19:21 |
| Added | *.secretservice.gov | WILDCARD | In Scope | 19:21 |
| Added | *.uscis.gov | WILDCARD | In Scope | 19:21 |
| Added | *.usss.gov | WILDCARD | In Scope | 19:21 |
| Added | *.cisa.gov | WILDCARD | In Scope | 19:21 |
| Added | *.e-verify.gov | WILDCARD | In Scope | 19:21 |
| Added | *.floodsmart.gov | WILDCARD | In Scope | 19:21 |
| Added | *.nic.gov | WILDCARD | In Scope | 19:21 |
| Added | *.nmsc.gov | WILDCARD | In Scope | 19:21 |
| Added | *.schoolsafety.gov | WILDCARD | In Scope | 19:21 |
| Added | all third party sites and endpoints | OTHER | Out of Scope | 19:21 |
| Added | *.ice.gov | WILDCARD | In Scope | 19:21 |
| Added | *.ready.gov | WILDCARD | In Scope | 19:21 |
| Added | *.everify.gov | URL | In Scope | 17:20 |
| Added | *.uscis.gov | WILDCARD | In Scope | 17:20 |
| Added | *.uscg.gov | WILDCARD | In Scope | 17:20 |
| Added | *.stopransomware.gov | WILDCARD | In Scope | 17:20 |
| Added | *.readybusiness.gov | WILDCARD | In Scope | 17:20 |
| Added | *.nic.gov | WILDCARD | In Scope | 17:20 |
| Added | *.fleta.gov | WILDCARD | In Scope | 17:20 |
| Added | *.evus.gov | WILDCARD | In Scope | 17:20 |
| Added | *.everify.gov | WILDCARD | In Scope | 17:20 |
| Added | *.disasterassistance.gov | WILDCARD | In Scope | 17:20 |
| Added | *.cpnireporting.gov | WILDCARD | In Scope | 17:20 |
| Added | *.cisa.gov | WILDCARD | In Scope | 17:20 |
| Added | *.dhs.gov | WILDCARD | In Scope | 17:20 |
| Added | *.preventionresourcefinder.gov | WILDCARD | In Scope | 17:20 |
| Added | *.us-cert.gov | WILDCARD | In Scope | 17:20 |
| Added | *.schoolsafety.gov | WILDCARD | In Scope | 17:20 |
| Added | *.juntos.gov | WILDCARD | In Scope | 17:20 |
| Added | *.cbp.gov | WILDCARD | In Scope | 17:20 |
| Added | *.power2prevent.gov | WILDCARD | In Scope | 17:20 |
| Added | all third party sites and endpoints | OTHER | Out of Scope | 17:20 |
| Added | https://trumpcard.gov | URL | In Scope | 17:20 |
| Added | *.trumpcard.gov | URL | In Scope | 17:20 |
| Added | *.usss.gov | URL | In Scope | 17:20 |
| Added | *.uscis.gov | URL | In Scope | 17:20 |
| Added | *.uscg.gov | URL | In Scope | 17:20 |
| Added | *.us-cert.gov | URL | In Scope | 17:20 |
| Added | *.tsa.gov | URL | In Scope | 17:20 |
| Added | *.together.gov | URL | In Scope | 17:20 |
| Added | *.stopransomware.gov | URL | In Scope | 17:20 |
| Added | *.secretservice.gov | URL | In Scope | 17:20 |
| Added | *.schoolsafety.gov | URL | In Scope | 17:20 |
| Added | *.safetyact.gov | URL | In Scope | 17:20 |
| Added | *.readybusiness.gov | URL | In Scope | 17:20 |
| Added | *.ready.gov | URL | In Scope | 17:20 |
| Added | *.preventionresourcefinder.gov | URL | In Scope | 17:20 |
| Added | *.power2prevent.gov | URL | In Scope | 17:20 |
| Added | *.nmsc.gov | URL | In Scope | 17:20 |
| Added | *.niem.gov | URL | In Scope | 17:20 |
| Added | *.nic.gov | URL | In Scope | 17:20 |
| Added | *.listo.gov | URL | In Scope | 17:20 |
| Added | *.juntos.gov | URL | In Scope | 17:20 |
| Added | *.ice.gov | URL | In Scope | 17:20 |
| Added | *.homelandsecurity.gov | URL | In Scope | 17:20 |
| Added | *.globalentry.gov | URL | In Scope | 17:20 |
| Added | *.get.gov | URL | In Scope | 17:20 |
| Added | *.floodsmart.gov | URL | In Scope | 17:20 |
| Added | *.fletc.gov | URL | In Scope | 17:20 |
| Added | *.fleta.gov | URL | In Scope | 17:20 |
| Added | *.firstrespondertraining.gov | URL | In Scope | 17:20 |
| Added | *.fema.gov | URL | In Scope | 17:20 |
| Added | *.evus.gov | URL | In Scope | 17:20 |
| Added | *.e-verify.gov | URL | In Scope | 17:20 |
| Added | *.dotgov.gov | URL | In Scope | 17:20 |
| Added | *.disasterassistance.gov | URL | In Scope | 17:20 |
| Added | *.cybersecurity.gov | URL | In Scope | 17:20 |
| Added | *.cyber.gov | URL | In Scope | 17:20 |
| Added | *.cpnireporting.gov | URL | In Scope | 17:20 |
| Added | *.cisa.gov | URL | In Scope | 17:20 |
| Added | *.cbp.gov | URL | In Scope | 17:20 |
| Added | *.biometrics.gov | URL | In Scope | 17:20 |
| Added | *.dhs.gov | URL | In Scope | 17:20 |
| Added | all third party sites and endpoints | OTHER | Out of Scope | 17:20 |
| Added | *.fletc.gov | WILDCARD | In Scope | 17:20 |
| Added | *.nmsc.gov | WILDCARD | In Scope | 17:20 |
| Added | *.secretservice.gov | WILDCARD | In Scope | 17:20 |
| Added | *.cyber.gov | WILDCARD | In Scope | 17:20 |
| Added | *.dotgov.gov | WILDCARD | In Scope | 17:20 |
| Added | *.firstrespondertraining.gov | WILDCARD | In Scope | 17:20 |
| Added | *.get.gov | WILDCARD | In Scope | 17:20 |
| Added | *.globalentry.gov | WILDCARD | In Scope | 17:20 |
| Added | *.ice.gov | WILDCARD | In Scope | 17:20 |
| Added | *.floodsmart.gov | WILDCARD | In Scope | 17:20 |
| Added | *.homelandsecurity.gov | WILDCARD | In Scope | 17:20 |
| Added | *.fema.gov | WILDCARD | In Scope | 17:20 |
| Added | *.together.gov | WILDCARD | In Scope | 17:20 |
| Added | https://trumpcard.gov | URL | In Scope | 17:20 |
| Added | *.biometrics.gov | WILDCARD | In Scope | 17:20 |
| Added | *.cybersecurity.gov | WILDCARD | In Scope | 17:20 |
| Added | *.safetyact.gov | WILDCARD | In Scope | 17:20 |
| Added | *.tsa.gov | WILDCARD | In Scope | 17:20 |
| Added | *.usss.gov | WILDCARD | In Scope | 17:20 |
| Added | *.e-verify.gov | WILDCARD | In Scope | 17:20 |
| Added | *.listo.gov | WILDCARD | In Scope | 17:20 |
| Added | *.niem.gov | WILDCARD | In Scope | 17:20 |
| Added | *.ready.gov | WILDCARD | In Scope | 17:20 |
| Added | *.trumpcard.gov | WILDCARD | In Scope | 17:20 |