Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
ssa-vdp
5
In Scope
2
Out of Scope
In-Scope Assets (5)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| SSA CIDR Range 1 | OTHER | No | - | |
| SSA CIDR Range 2 | OTHER | No | - | |
| https://*.segurosocial.gov/* | URL | No | ||
| https://*.socialsecurity.gov/* | URL | No | ||
| https://*.ssa.gov/* | URL | No |
Out-of-Scope Assets (2)
| Asset | Category | Bounty | |
|---|---|---|---|
| Targets not expressly listed as In Scope are Out of Scope | OTHER | No | |
| https://foia.ssa.gov | URL | No |
Scope Changes (34)
Mar 5, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | *.segurosocial.gov | WILDCARD | In Scope | 22:34 |
| Added | *.socialsecurity.gov | URL | In Scope | 22:34 |
| Added | *.socialsecurity.gov | WILDCARD | In Scope | 22:34 |
| Added | *.ssa.gov | WILDCARD | In Scope | 22:34 |
| Added | *.ssa.gov | URL | In Scope | 22:34 |
| Added | *.segurosocial.gov | URL | In Scope | 22:34 |
| Added | https://foia.ssa.gov | URL | Out of Scope | 22:34 |
| Added | targets not expressly listed as in scope are out of scope | OTHER | Out of Scope | 22:34 |
| Added | https://foia.ssa.gov | URL | Out of Scope | 22:34 |
| Added | targets not expressly listed as in scope are out of scope | OTHER | Out of Scope | 22:34 |
| Added | ssa cidr range 2 | OTHER | In Scope | 22:34 |
| Added | ssa cidr range 1 | OTHER | In Scope | 22:34 |
| Added | ssa cidr range 2 | OTHER | In Scope | 22:34 |
| Added | ssa cidr range 1 | OTHER | In Scope | 22:34 |
Feb 27, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://foia.ssa.gov | URL | Out of Scope | 19:40 |
| Added | https://foia.ssa.gov | URL | Out of Scope | 19:40 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | ssa cidr range 2 | OTHER | In Scope | 19:17 |
| Added | *.socialsecurity.gov | WILDCARD | In Scope | 19:17 |
| Added | targets not expressly listed as in scope are out of scope | OTHER | Out of Scope | 19:17 |
| Added | *.ssa.gov | WILDCARD | In Scope | 19:17 |
| Added | *.segurosocial.gov | WILDCARD | In Scope | 19:17 |
| Added | ssa cidr range 1 | OTHER | In Scope | 19:17 |
| Added | *.ssa.gov | URL | In Scope | 17:17 |
| Added | *.segurosocial.gov | WILDCARD | In Scope | 17:17 |
| Added | *.ssa.gov | WILDCARD | In Scope | 17:17 |
| Added | targets not expressly listed as in scope are out of scope | OTHER | Out of Scope | 17:17 |
| Added | ssa cidr range 2 | CIDR | In Scope | 17:17 |
| Added | ssa cidr range 1 | CIDR | In Scope | 17:17 |
| Added | *.socialsecurity.gov | WILDCARD | In Scope | 17:17 |
| Added | targets not expressly listed as in scope are out of scope | OTHER | Out of Scope | 17:17 |
| Added | ssa cidr range 2 | OTHER | In Scope | 17:17 |
| Added | ssa cidr range 1 | OTHER | In Scope | 17:17 |
| Added | *.socialsecurity.gov | URL | In Scope | 17:17 |
| Added | *.segurosocial.gov | URL | In Scope | 17:17 |