The State of Minnesota and Minnesota IT Services (MNIT) takes the security of our applications seriously. We value the security research community. By working together, we can help ensure the security and privacy of State of Minnesota systems and data. The Vulnerability Disclosure Program provides a comfortable environment for any person or security researcher to report suspected vulnerabilities they discover. The state’s policy outlines guidance for any person or security researchers using the Vulnerability Disclosure Program, including in-scope applications, how to report vulnerabilities, what we ask of researchers, and what researchers can expect from MNIT.
The Vulnerability Disclosure Program allows any person or security researcher to report suspected weaknesses, flaws, or errors to better ensure the security and privacy of State of Minnesota executive branch systems and data.
State of Minnesota Vulnerability Disclosure Policy (PDF)