Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

onrr-vdp

BugcrowdView on Bugcrowd

RawAI Enhanced

In Scope

Out of Scope

In-Scope Assets (2)

Asset	Category	Bounty	Quick Links
https://revenuedata.doi.gov/	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://www.onrr.gov/	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa

Scope Changes (10)

Mar 5, 2026

Change	Asset	Category	Scope	Time
Added	https://revenuedata.doi.gov/	URL	In Scope	22:36
Added	https://www.onrr.gov/	URL	In Scope	22:36
Added	https://www.onrr.gov/	URL	In Scope	22:36
Added	https://revenuedata.doi.gov/	URL	In Scope	22:36

Feb 25, 2026

Change	Asset	Category	Scope	Time
Added	https://revenuedata.doi.gov/	URL	In Scope	19:18
Added	https://www.onrr.gov/	URL	In Scope	19:18
Added	https://www.onrr.gov/	URL	In Scope	17:18
Added	https://revenuedata.doi.gov/	URL	In Scope	17:18
Added	https://www.onrr.gov/	URL	In Scope	17:18
Added	https://revenuedata.doi.gov/	URL	In Scope	17:18