Protecting Nominet’s registry services from attack is key to maintaining the high standard of service people expect – the newly adopted Vulnerability Disclosure Programme will help us achieve that. We are using an experienced third-party platform, HackerOne, with clear guidelines that will make it easy for security researchers to report vulnerabilities to us. The HackerOne service enables swift triage of any findings which will get escalated to Nominet for action. Researchers will get rewarded in status points on the platform for submitting valid vulnerability reports which will raise their profile and reputation.
Please visit our HackerOne page to review our full Vulnerability Disclosure Policy. Public disclosure of a vulnerability will be following mutual agreement by both parties, please see HackerOne’s disclosure guidelines for further information.