Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Vulnerability Disclosure Policy

The Farm Credit Administration is issuing this Vulnerability Disclosure Policy (VDP or policy) under the Department of Homeland Security Directive 20-01 to give security researchers guidelines for conducting vulnerability discovery activities and for reporting vulnerabilities to us.

We are committed to maintaining the security of our systems and protecting sensitive information from unauthorized disclosure, and we encourage security researchers to contact us to report potential vulnerabilities in our systems. Pursuant to the Binding Operational Directive (BOD), all good faith reporters will be treated the same way under this policy.

A vulnerability (PDF) is a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. Vulnerability disclosure is the act of initially providing vulnerability information to us that you believe we are not aware of. The individual or organization that performs this act is called the reporter or researcher.

This policy describes what systems and types of research are covered under this policy, how to send us vulnerability reports, and how long we ask security researchers to wait before publicly disclosing vulnerabilities.

Please send any questions regarding this policy, or recommendations for improving it, to [email protected].

Page updated: September 01, 2022