Learn how to report a security vulnerability to The New York Times. 

The introduction of bugs during the building and coding of technology is part of the development cycle. While bugs aren’t inherently harmful, many can be taken advantage of to force software to act in ways not intended to gain unauthorized access to or perform unauthorized actions.

The New York Times recognizes the efforts of the information security community to protect The New York Times’s information assets, and offers a Vulnerability Disclosure Program to facilitate reporting security related bugs in The New York Times’s information assets. Security researchers are welcome to voluntarily report security vulnerabilities using this program.

How to Report a Security Vulnerability  

You can report a security vulnerability by submitting a Vulnerability Report.  

The submission is subjected to the terms and conditions set forth on our Vulnerability Disclosure Policy and the terms and conditions and disclosure guidelines outlined on the vulnerability disclosure form’s page. 

By submitting a vulnerability report to The New York Times Vulnerability Disclosure Program, the researcher agrees to these terms and conditions.