Lockheed Martin
Lockheed Martin is a leading global security, defense and aerospace contractor, ensuring those we serve always stay ahead of ready.
External Program
Submit bugs directly to this organization
Lockheed Martin
Lockheed Martin is a leading global security, defense and aerospace contractor, ensuring those we serve always stay ahead of ready.
External Program
Submit bugs directly to this organization
We take the security of our systems, assets, products, and platforms seriously, and we value the security community. The disclosure of security vulnerabilities and issues helps us ensure the security and privacy of our users. If you believe you have found a vulnerability in a Lockheed Martin public-facing system, asset, product, or platform, please submit the vulnerability information to Lockheed Martin through a communication method described below.
If you believe you have found a security vulnerability in one of our public-facing systems, assets, products, or platforms please send it to us by submitting a report to the Lockheed Martin VDP. Please include the following details with your report:
All submissions must be made by sending to the email address above.
If valid, Lockheed Martin will confirm the receipt of your report within 3 business days of submission.
We currently do not financially compensate discoveries or bug bounties.
This vulnerability disclosure process is intended for use by non-Lockheed Martin employees/contractors. Lockheed Martin employees/contractors should contact their Business Area Information Security Officer to report any vulnerabilities they discover.
We require that all researchers and reporters:
If you follow the guidelines listed above, Lockheed Martin will not pursue any legal action against you related to your research.
If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please submit a report through our official channels (Contact Lockheed Martin VDP) before going any further.
When working with us according to this policy, you can expect us to:
Lockheed Martin considers security research and vulnerability disclosure activities conducted consistent with this policy to be "authorized" conduct under the Computer Fraud and Abuse Act and other applicable computer use laws. To promote disclosure under this policy, Lockheed Martin will not pursue civil or criminal action, or send notice to law enforcement for accidental or good faith violations of this policy. Lockheed Martin, however, has the sole right to make the determination of whether a violation of this policy is accidental or in good faith.
You are expected, as always, to comply with all applicable US and international laws. If research involves information, applications, products, or services of a third party Lockheed Martin cannot bind that third party, and they may pursue legal action or provide notice to law enforcement. Lockheed Martin does not authorize research in the name of other entities, and cannot in any way offer to defend, indemnify, or otherwise protect you from any third party action based on your actions.
Lockheed Martin will review your report and determine if your findings are valid and not previously reported. Public disclosure of the details of any identified or potential vulnerability without express written consent will be considered as noncompliant with our submission guidelines and not protected by our Safe Harbor policies.
To communicate with us in a verifiably secure manner as necessary, please contact us using PGP. Our fingerprint to verify our messages:
2F9BE9D2D2F61D83528641407B04B468FED0DCA