HarperCollins Publishers Vulnerability Disclosure Program
1. What is a Security Vulnerability?
A security vulnerability is a weakness, flaw, or error found within a system that has the potential to be leveraged by a threat agent to compromise the confidentiality, integrity or availability of the system.
HarperCollins values the efforts of and role that the information security community plays to identify new threats and help businesses to protect their information assets. We encourage the reporting of any possible security vulnerabilities that may be found in our information assets. We take security seriously and will investigate all reported vulnerabilities. If you have any information about a possible security vulnerability in our information assets, please let us know right away.
2. How to Report a Security Vulnerability
Our vulnerability disclosure program is managed by Bugcrowd. Submissions are subject to Bugcrowd’s Standard Disclosure Terms. Please send us an email at [email protected] and include relevant information listed under Bugcrowd's Report a Bug page. We will forward your email to Bugcrowd for review.
3. Public Notification
In order to protect our customers, HarperCollins asks that you do not post or share any information about a potential vulnerability in a public setting until we have researched, responded to and addressed the vulnerability.