Reporting a cyber security issue
To improve the protection of its information and communication technologies (ICT) systems and assets, UN Women encourages the public to assist with its efforts by disclosing vulnerabilities in UN Women’s publicly accessible information systems and assets as well as reporting cyber security issues.
What to report to UN Women
The public is invited to report cyber security issues, incidents, and details of vulnerabilities associated with publicly accessible UN Women ICT systems, including websites.
UN Women will accept disclosures of vulnerabilities and cyber security issues and incidents under the following conditions:
- The vulnerability and/or cyber security issue or incident has not already been publicly disclosed.
- The vulnerability and/or cyber security issue or incident should be reported to UN Women as quickly as possible after its discovery.
- The findings must remain confidential for at least 90 days following the date the vulnerability or cyber security issue or incident was reported to UN Women or until public disclosure of the vulnerability has been made on this website.
- The severity of a vulnerability finding is assessed by UN Women at its own discretion.
- The name and contact information of the reporter may be disclosed to affected technology vendor(s) unless otherwise requested by the reporter.
- UN Women reserves the right to accept or reject any security vulnerability or cyber security issue or incident disclosure report at its discretion.
If you believe you have found a vulnerability or issue and would like to report it, we ask that you submit a detailed description of the issue to us, including the steps that we can take to reproduce the issue and/or a proof-of-concept. As much information as possible regarding the finding should be communicated to UN Women to enable the organization to reproduce and verify the vulnerability, issue or incident, in order to implement appropriate remediation actions.
Once you submit a report to UN Women, please allow the information security team a reasonable amount of time to respond to your report and correct the issue.
If more information is required regarding a reported finding, UN Women may contact the reporter; therefore, it is important to provide valid contact details, including email address and/or telephone number.
If the conditions listed above are satisfied, UN Women will verify the existence of the vulnerability, notify affected parties, and implement actions to mitigate the vulnerability.
Once the vulnerability has been removed, the reporter will be acknowledged and listed on this page (unless s/he wishes to remain anonymous) along with a short description of the vulnerability or issue reported.
By reporting vulnerability findings to UN Women, the reporter acknowledges that such reporting is provided pro bono and without expectation of financial or other compensation. The reporter also affirms that neither s/he nor any entity that s/he represents is complicit in human rights abuses, tolerates forced or compulsory labour or uses child labour, is involved in the sale or manufacture of anti-personnel mines or their components, or does not meet the purposes and principles of the United Nations.
UN Women Information Security Hall of Fame
UN Women is grateful to the following individuals and organizations that have helped UN Women to improve the security of the organization’s information systems, data, and ICT resources by reporting security issues and vulnerabilities discovered.
[list of individuals and organizations coming soon]