Our information security team is working to protect Fox Corporation’s information assets, services and products, and the confidentiality of customer information. We also recognize the valuable role the research community plays in identifying vulnerabilities. If you believe you have found a security vulnerability impacting Fox Corporation, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.
So that we can respond to and address security issues effectively, and continue to provide the best services and user experience possible, we ask that you:
- Give us reasonable time to investigate and address the potential vulnerability, and do not post information or share it with others until we have responded to and addressed the issue.
- Do not access customer or employee personal information, pre-release Fox Corporation content, Fox Corporation confidential information, or any non-public application or non-public credentials.
- If you accidentally access any of non-public Fox Corporation or customer information in the course of your research, please immediately stop testing, submit the vulnerability (including information regarding what you accessed), and do not maintain copies of any such information or share it with any third party.
- Do not violate privacy rules, disrupt or degrade our systems or operations, or access data without authorization.
- Timely notify us of any vulnerability and do not exploit a security issue you discover for any reason. (For example, please do not conduct further “tests” to confirm the vulnerability or demonstrate additional risk by compromising our systems or accessing sensitive company data, and please do not probe for additional issues.)
- Do not cause harm to Fox Corporation or our customers, and do not violate the law.
For our part, to encourage responsible disclosure, Fox Corporation:
- Agrees to investigate and attempt to resolve the issue quickly, and do our best to respond within 30 days, or sooner if possible; and
- Agrees that we will not initiate claims against you if you have followed the above guidelines.
To report a potential vulnerability, please email firstname.lastname@example.org, and provide details regarding your discovery that allow us to reproduce the issue, and, if you do not mind, also a way to contact you if we have further questions.