1. Safe Harbor. If you submit a vulnerability report to us, using the process outlined below, in compliance with all of the terms in these Terms of Use, we will not pursue civil action or initialize a complaint to law enforcement against you for accessing our systems without authorization in order to identify that vulnerability.

  2. Submission Process. Please submit all vulnerability reports to us by email at the email address ResponsibleDisclosure@bcg.com. In each report submitted, include:

    a. a description of the vulnerability;
    b. the URL, IP address, port, or other information that would assist us in locating the vulnerability;
    c. detailed and clear steps to reproduce the issue (including logs, screenshots, responses, or other evidence) or proof of concept code;
    d. how you found the issue;
    e. presumed impact;
    f. any remediation steps you would suggest; and
    g. your name and contact details

  3. Scope. You may not access any individual workstation, or system, network, content, application or data of any third party, in connection with this program. The safe harbor described above does not apply to any such system, network content, application or data.
  4. Methodology. You may not engage in any denial of service attack, attempts to compromise physical security or enter physical premises, or other destructive methodologies. As soon as you have identified the vulnerability, you must cease testing of it and report it as described above. The safe harbor described above does not apply to any activity that violates the terms of this Section.
  5. No Access to Personal Data or Misuse of Data. By participating in this program, you represent that you have not at any time accessed personal data of our customers or users found on our systems, and that, in the event that you inadvertently acquired any, you have securely deleted that data. You represent that you have not, and covenant that you will not, misuse any data extracted from our environment for any fraudulent, malicious, defamatory, abusive, threatening, unlawful or otherwise improper purpose.
  6. Intellectual Property Rights. By submitting information relating to a vulnerability, you grant us a perpetual, worldwide, royalty-free, fully paid-up license to use and disclose any information you submit, including any proofs of concept, patches, improvements, suggestions, code samples or any other information, in connection with the vulnerability to analyze, remediate or improve our systems and networks, incorporate it into our products or services, and to conduct further testing, or for any other legitimate business purpose. We do not grant you any intellectual property rights to any image, information, writing, invention, code or other creation in connection with these Terms of Use.
  7. Sanctions. By submitting information relating to a vulnerability, you represent that you are not subject to any export sanctions or other trade restrictions, whether due to being included on the sanctions list maintained by the U.S. Office of Foreign Assets Control, or other governmental bodies in the United States or European Union, individually, being a member of an organization on that list, or being a resident of a country that is sanctioned by the United States or European Union.
  8. Independent Contractor. Nothing in connection with your submission of a vulnerability shall indicate the you are an employee of BCG and the relationship between you and BCG shall not constitute a partnership, joint venture or agency. You shall not have the authority to make any statement, representation or commitment on BCG’s behalf.
  9. Disclaimer of Liability and Obligation. BCG, it’s officers, affiliates, representatives, contractors and employees shall not be liable to you in connection with these Terms of Use for any direct, indirect, exemplary, incidental, special or consequential damages. Unless otherwise agreed by BCG, any information submitted by you in connection with a vulnerability is provided at no charge and BCG shall not owe you any fee for that submission or any services performed or expenses incurred.
  10. Miscellaneous. These Terms of Use are governed by the laws of the Commonwealth of Massachusetts, without regard to conflict of laws principles. You shall not use any logo or other trademark of BCG without our explicit prior consent.
  11. Encrypted Messages. Please use our PGP key posted in the collapsible element below to send an encrypted message.
Expand All
PGP Public Key
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP Universal 10.5.0 (Build 1721)

mQENBGOQrAwBCAC9sD5T/S+OKMb7HGuPwIcPXI8vW5urDYJSlGgqHQnzjYO6t+L6 jUe34+qFaFRs1GAe84xZeGnsTjlpSocuZr//6P+LAqB/5IjxCTZYnzNDhin50ypu MWmrgEll6E+A2n0UXVH4jEPTojU9bdDbR9iqoe/r/RSeAnqSQRl7+mX4BmkfU1P2 8n+WwOTDTPwfMwDZg9BOIcRePw4KU5qr8EQ7koViImNsMlC7UlcWhXD+BWda1mUC
Nt98sXvXES9Cw9f3N/nOEjdIuxta6867/Ro+RzUAYGVGP4H9qucWV4MMK4/6dH4l
zphMkRXjW5W3kg3SkvoxgPyydN8qusCnG+8ZABEBAAG0NlJlc3BvbnNpYmxlIERp
c2Nsb3N1cmUgPFJlc3BvbnNpYmxlRGlzY2xvc3VyZUBiY2cuY29tPokB0wQQAQgA
vQUCY5CsEAUJA8JnABsUAAAAAAARAAFrZXktdXNhZ2VAcGdwLmNvbY8gFAAAAAAA
FgABa2V5LXVzYWdlLW1hc2tAcGdwLmNvbY8wFIAAAAAAIAAHcHJlZmVycmVkLWVt
YWlsLWVuY29kaW5nQHBncC5jb21wZ3BtaW1lBgsJAwIBCgIZAQUXgAAAAB0YbGRh
cDovL2FkY2V4Y2VuY3B2MDIuYmNnLmNvbQUbgQAAAAMWAgEFHgEAAAAEFQgJCgAK
CRDARoinoTMJywRtB/9SGS7NRJBl4AZTRJJc+7YbSS42G0jcqEhOow3/WiPlkvMC
t40DWaKCkpg+x2GEJkrzFhNZgdDBF37Yn1bcfvOU5OcUCsSjwS7uCZeEQsLVrNEQ
YGNhNCDu729vGtYlMxpCUyeKDuxscciijMDRHgWy/G5ervIGXrr3qXkOqODZWh94
Y11OZeZsH7tLdmVo7mOQyF2k1dLOZh3++M+/3nG364boV9DMXwfkmhivXNozjfbG
U568iY9fKdSbDhQ3YB1ST02izUSnNXbd2WVpHfUxhFZgNOjZ672NlQsmgrfyP1j2
qos3aevjuIamKCiLa5iKyrYayX/1pQts1jZ1/UtmiQEiBBABCAAMBQJjkKwMBQMD
wmcAAAoJEL0x+ebBarb1azQH/22iJD+BETGJ8FIZ+t+K+5skHIAnINCBMJ8EajV4
F3LDPbL2uBKzTnWdouW1EFfaGIFJqvDdwg5INnbzYOTQn6yFFNWsyeq9zV8ZSauE
MRl8I8rwYCOVeS8uP6ujL0VyJ29SD2BxDgikGdpY/xD9rchRVaC/E20TH/+jmVZ4
Y07r79CxflhPkr1Ml17ES3CX+XaYsc6VoDWofxzbWicJNjstlAR3t4JvUoHw7MsH
LGOMOmRqpAjENw2DQ80Eh3voMa0mKvTljh5c73VApO+n1gPI/cAvIwunLNmNOQnD
cJpAIvwRXP6kspsSMS8O5SQ+fIv8puA21z8K1G8J0u0jNCu0TFJlc3BvbnNpYmxl
IERpc2Nsb3N1cmUgPFJlc3BvbnNpYmxlRGlzY2xvc3VyZS5SZXNwb25zaWJsZURp
c2Nsb3N1cmVAYmNnLmNvbT6JAdAEEAEIALoFAmOQrBAFCQPCZwAbFAAAAAAAEQAB
a2V5LXVzYWdlQHBncC5jb22PIBQAAAAAABYAAWtleS11c2FnZS1tYXNrQHBncC5j
b22PMBSAAAAAACAAB3ByZWZlcnJlZC1lbWFpbC1lbmNvZGluZ0BwZ3AuY29tcGdw
bWltZQYLCQMCAQoFF4AAAAAdGGxkYXA6Ly9hZGNleGNlbmNwdjAyLmJjZy5jb20F
G4EAAAADFgIBBR4BAAAABBUICQoACgkQwEaIp6EzCcu6FAgAo/7K0f8d3dLgLGxS
T8DtLNA4eAKYPUl6mKejl5AjbZIZbx8rEtuvOT4SUpWE+rg6T2TyvEGYYBHNT0jU
7SRScW5gEjGoHtd+TgZIPOMP+YGbJWO94ivL7rBl7vMLpUmZ2bAfO96N1MQLish2
FnM+NvCsvdPHeCZgihyFnP8re1TVgMLL4gfCixZ54VJvbi3LG5+IulIcgD9QEEpf
Lrwl1K/t6tjEtzN+miykxN6dJnpNK5M3fdKknRnwi0MUczHkGfUVokFpgPPAHoD8
lFLJymcOBC12T7dK21yRFudUlnxtC+yEkpgQAA1fzgdnWvm4TncAsc6XK4sSlJWJ
3KyriIkBIgQQAQgADAUCY5CsDAUDA8JnAAAKCRC9MfnmwWq29RwaB/0dA2TSSqXx
YqBzpa+3ReZ+42KWbZL14xND3gBYo3MHQGYXQwAPeTagyHPLRkA3M268l3OmZUoO
diKngIt/YlOntIbE2VwpmF72C6/bOB0Er7W2CZc85A1U8JJyr8+r2Yy0HnL5+BB0
WwHqO4W1oXM5zeCcMwuEwCmnB74CkZEqGF9GMHMHn0qm/CabzMvwrccZLI6Kw9O2
He3CdzLwqY8LXEnAhm07NhndDYvoU5xH1yJVz9HpopL0yc5qLW9v721P0a7Yqak0
h9+3U4j9rMVclCyRYYvJDh6pSvS4L+Y/5JdbTBlt7kr0s1/CHzWyg6zgPldEErPo
erb0HShFR1G6uQENBGOQrAwBCADPUjdfKLtt0qdzXvPdpXjJru5CSJUgAkooIK2Y
lKac1wStF4eFiLJh8gW1QOJy9XV7EKUmJHifhZzQOvcnbIrbWpHApc5BImKGqxcN
X/N34rGLR+BBY4Iv8tYBDq4soEGaQuCufXJ/p9+p2a2OmaKCt3Q6CJzHKUKAAnSs
/g07Uv4TE0kuOANQCxeNpkrobB9r2aCvclQ1C+RfmHN7f6JXU0OyDU5mzvHYAv5/
EbKnTRWZUR9HValg3WjyM0H5iEsU4jvaY8nSfl+uX5FVEZsWY9xI6h5c2+z/iedP
xwYmdiBDc6HkuxduKp8FSAbm+V+0A+CmddviIJoeu+mykstjABEBAAGJB7IEGAEI
BpwFAmOQrBEFCQA0E0HEqRQAAAAAABcFSXg1MDljZXJ0aWZpY2F0ZUBwZ3AuY29t
MIIFRTCCBC2gAwIBAgIUT2O831jkPNu1nIdLO9bS0uqDqgQwDQYJKoZIhvcNAQEL
BQAwgaIxEDAOBgNVBAMTB2JjZy5jb20xJDAiBgNVBAoTG1RoZSBCb3N0b24gQ29u
c3VsdGluZyBHcm91cDEYMBYGA1UECxMPR2xvYmFsIFNlcnZpY2VzMQ8wDQYDVQQH
EwZCb3N0b24xCzAJBgNVBAgTAk1BMQswCQYDVQQGEwJVUzEjMCEGCSqGSIb3DQEJ
AQwUV1dJVFNlY3VyaXR5QGJjZy5jb20wHhcNMjIxMjA3MTUwNjUzWhcNMjMwMTE1
MTUwNjUzWjBPMSwwKgYJKoZIhvcNAQkBFh1SZXNwb25zaWJsZURpc2Nsb3N1cmVA
YmNnLmNvbTEfMB0GA1UEAxMWUmVzcG9uc2libGUgRGlzY2xvc3VyZTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAM9SN18ou23Sp3Ne892leMmu7kJIlSAC
SiggrZiUppzXBK0Xh4WIsmHyBbVA4nL1dXsQpSYkeJ+FnNA69ydsittakcClzkEi
YoarFw1f83fisYtH4EFjgi/y1gEOriygQZpC4K59cn+n36nZrY6ZooK3dDoInMcp
QoACdKz+DTtS/hMTSS44A1ALF42mSuhsH2vZoK9yVDUL5F+Yc3t/oldTQ7INTmbO
8dgC/n8RsqdNFZlRH0dVqWDdaPIzQfmISxTiO9pjydJ+X65fkVURmxZj3EjqHlzb
7P+J50/HBiZ2IENzoeS7F24qnwVIBub5X7QD4KZ12+Igmh676bKSy2MCAwEAAaOC
AcMwggG/MB0GCisGAQQBmkkIAQEEDxcNMjIxMjA3MTUwNjUyWjAOBgNVHQ8BAf8E
BAMCAzgwEwYDVR0lBAwwCgYIKwYBBQUHAwQwEQYDVR0OBAoECDvW0tLqg6oEMF0G
A1UdEQRWMFSBHVJlc3BvbnNpYmxlRGlzY2xvc3VyZUBiY2cuY29tgTNSZXNwb25z
aWJsZURpc2Nsb3N1cmUuUmVzcG9uc2libGVEaXNjbG9zdXJlQGJjZy5jb20wEwYD
VR0jBAwwCoAIvTH55sFqtvUwgfEGA1UdHwSB6TCB5jCB46CB4KCB3YZFaHR0cDov
L2tleXMuYmNnLmNvbTo4MC9jcmwvUmV2b2tlZENlcnRpZmljYXRlc18weEJEMzFG
OUU2QzE2QUI2RjUuY3JshoGTbGRhcDovL2tleXMuYmNnLmNvbTozODkvcGdwS2V5
SUQ9MHhCRDMxRjlFNkMxNkFCNkY1LGNuPVJldm9rZWQlMjBDZXJ0aWZpY2F0ZXMs
bz1DUkw/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdGNsYXNz
PWNSTERpc3RyaWJ1dGlvblBvaW50MA0GCSqGSIb3DQEBCwUAA4IBAQA4lX+/Q7+9
Jf1ysh06CYg8r+Lry9gU50usUhhgKoCbY5n67uISiMr09hVZniQjNajt8oxyvqJJ
jcRAtBiuo7x0mWJMWHqM01ChbhmYsdATStiRalA3I1grn3XhsawFg2z5Q6Qo6LJW
agWQpXhNaZej3Ytgio+vG51oSuZcyahldPZ5MLfmlXHsFEf/k2VeYSH+K2vSN45F
H5hDYXsfrcFArluqB0a37IIMGgs95/ffbhex1zW2ku46OFM9zNSa6J1+AmE0riEi
PS8QL92CS5pZFk536wLUBJEba2ppZGefgZhZv39NfECUcq5YGNA25JO3ni5ooeZB
w4wmJLQ0vKvSBRsMAAAAwF0gBBkBCAAGBQJjkKwMAAoJEDvW0tLqg6oExZ0H/0ms
UuTXK65uOMcWosvvtL2n40oA0IrjCY4tSpcgBIAvRM0GTgl32VhxgHsIe+YTU5nQ
0BKG6lviSqnn2jbQgcuHs3Zelx32a1sGy5CI8Ti3xSRx10V/r2NiF0pmkf3xezwm
oA2Z/gvJQEnYVwGjNuglOIY7wpNIZ4AcF0RF4qp/JxOfaNLSm60TJzrRM7KKMYtl
vwey/FVDTeLQ3JN6vNhdr1LAZH/uG9LHxyiUSYoj7trF+qwRG0DsEuxIVcWVl0KT
E48KF5qHfZDV6Uqtf/G2TBCsonrvsi2tH9qRqZrSep/ibKyu1XHbNQse9SIPODki
F4S5+C9CV0psFyj52twACgkQwEaIp6EzCcuBzwf/VWZyakUHuSw7GeblPue4TT1n
l8agqQydpiXOcXmH5nvw7BRiHLHzysyMGzHDiOKcjx5RtcKGW682gUyJYleSNHiV
k63kS3nDMYuZ1apv5UTyqWhO9g6S9u9IqwCAzcVWcOSs4o2IPoapPynO5th0ne6A
1otudEaUzY/72unQ2VmZTeXZvcrH9MBJ28iMPA+HIR+fY4qBSNXqnhTuRm5cWmEA
iOgvMEhiprG14uZ8a45eRa+CxsEb6bK0QpZ5H346Q8R7d48jIZcwwoJEwRkIeJxl
uhxpM0VINAuEbSh6tJ88ryoBZqQYkpSkQsWp5YJ8QAKoLFJJsYhtIUkShwZcrrkB
DQRjkKwMAQgA0wMmt0mnw4MwmYuE6LGahalq/9TWmqm4kH70n1cGFufmjKjSvWTH
IFJWI6XZ/DQzxv12l6Proym+Ksed4l4fRXFwrEXvxzNuLC+pmxjz9xBg5bQRWghj
kU8FlGxJ+jq4Tlg+QPwfps4M+ISlnDshfSNx1MH72xk/ChLJ+GSShSuqP5MIFGJd
tOiO+zjmeGYweAQWxa6DfH9Ab5MFzvPvu+GDjCJfkRmXVtlZFXxtzoBsG/b66o76
p/baJlfA4jltgoZXLdjqcanWAz4faX1jlLtqL0/vYHeZ2NjHVrWt7f2ei4wCAH11
Sg3IeyMJQOoQlBS3uyKgNgkudSf9Y7X8JQARAQABiQeyBBgBCAacBQJjkKwSBQkA
NBNBxKkUAAAAAAAXBUl4NTA5Y2VydGlmaWNhdGVAcGdwLmNvbTCCBUUwggQtoAMC
AQICFGk8r68uZzjrf+MDU+0cDv3CHRwWMA0GCSqGSIb3DQEBCwUAMIGiMRAwDgYD
VQQDEwdiY2cuY29tMSQwIgYDVQQKExtUaGUgQm9zdG9uIENvbnN1bHRpbmcgR3Jv
dXAxGDAWBgNVBAsTD0dsb2JhbCBTZXJ2aWNlczEPMA0GA1UEBxMGQm9zdG9uMQsw
CQYDVQQIEwJNQTELMAkGA1UEBhMCVVMxIzAhBgkqhkiG9w0BCQEMFFdXSVRTZWN1
cml0eUBiY2cuY29tMB4XDTIyMTIwNzE1MDY1M1oXDTIzMDExNTE1MDY1M1owTzEs
MCoGCSqGSIb3DQEJARYdUmVzcG9uc2libGVEaXNjbG9zdXJlQGJjZy5jb20xHzAd
BgNVBAMTFlJlc3BvbnNpYmxlIERpc2Nsb3N1cmUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTAya3SafDgzCZi4TosZqFqWr/1NaaqbiQfvSfVwYW5+aM
qNK9ZMcgUlYjpdn8NDPG/XaXo+ujKb4qx53iXh9FcXCsRe/HM24sL6mbGPP3EGDl
tBFaCGORTwWUbEn6OrhOWD5A/B+mzgz4hKWcOyF9I3HUwfvbGT8KEsn4ZJKFK6o/
kwgUYl206I77OOZ4ZjB4BBbFroN8f0BvkwXO8++74YOMIl+RGZdW2VkVfG3OgGwb
9vrqjvqn9tomV8DiOW2Chlct2OpxqdYDPh9pfWOUu2ovT+9gd5nY2MdWta3t/Z6L
jAIAfXVKDch7IwlA6hCUFLe7IqA2CS51J/1jtfwlAgMBAAGjggHDMIIBvzAdBgor
BgEEAZpJCAEBBA8XDTIyMTIwNzE1MDY1MlowDgYDVR0PAQH/BAQDAgeAMBMGA1Ud
JQQMMAoGCCsGAQUFBwMEMBEGA1UdDgQKBAjtHA79wh0cFjBdBgNVHREEVjBUgR1S
ZXNwb25zaWJsZURpc2Nsb3N1cmVAYmNnLmNvbYEzUmVzcG9uc2libGVEaXNjbG9z
dXJlLlJlc3BvbnNpYmxlRGlzY2xvc3VyZUBiY2cuY29tMBMGA1UdIwQMMAqACL0x
+ebBarb1MIHxBgNVHR8EgekwgeYwgeOggeCggd2GRWh0dHA6Ly9rZXlzLmJjZy5j
b206ODAvY3JsL1Jldm9rZWRDZXJ0aWZpY2F0ZXNfMHhCRDMxRjlFNkMxNkFCNkY1
LmNybIaBk2xkYXA6Ly9rZXlzLmJjZy5jb206Mzg5L3BncEtleUlEPTB4QkQzMUY5
RTZDMTZBQjZGNSxjbj1SZXZva2VkJTIwQ2VydGlmaWNhdGVzLG89Q1JMP2NlcnRp
ZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RjbGFzcz1jUkxEaXN0cmli
dXRpb25Qb2ludDANBgkqhkiG9w0BAQsFAAOCAQEArexI1QhMheUbkT6RFkbwNNfE
LXSh26M0D8/ZP5hLq4KGs/G5BgLOyAeUx1znWdYp5P2uaCDZamWRiO2svG1r8Zgg
qTCSOX5C/fQsUDMt4zGVNVl5eZxGXmrFUw7mWO27MLH1Qf/QZzBzG6i3SEWkzcOE
/KNKoTnxLF0lNo5M3SXSC6sDufhfia7aTrVI7QqdKYt9rAOE6EstzSnXB4iMyBTY
plFIvpxwhhXaJ+AqHfizhzEy3ankESzZDTGNej1sTaE4130O7mlcv7oE1GaAPU+p
ZlnReHhjXm6gpm/c+7kOY9R9gDUg2K6tMpNdCFoPZIX0W3Q3FwzOpd2AiRG5vgUb
AgAAAMBdIAQZAQgABgUCY5CsDAAKCRDtHA79wh0cFquTB/9OwEB7sCrO95/kzq8U
VWmYbFzxJ/atroNN01cZ3Ns0QZbXJvHL7ngsDrxaPzCY05dKtQg+1dBmE8KWUZZr
ZUjgXNg9dA9jcPfv9HeZxcVc5Fu8tgaoJMUaQAnQ2+OpKZ5CBJcdXcA3T9SpFzNx
NylJ7Wg4FxNfJUxnW58pIYggvi/wSAV7qQDU42tF3NM9Nc84GH0+q1Zl55hA+tgD
3gllXTKNa7CLruXMJG7mKvuCU6Kr/kdFYK894lDcNplbNMgiL3mwhe4eQWFiTPKl
7kmASmVguTYJIgWJ0OBer59QAreA/z0koqMj5k3tsc2yGwVUvdQlKtbXebr1tE3y
72UqAAoJEMBGiKehMwnLZOMH/01+sX7yhNsgHMaK+SLr/RgJcq9RuPa6kVyEnYkP
q8cm4xb/JAfzuLdOupR0BugKdjzX10nDkHzBiD9jrIezHJEXfvidxU4Jt0wyjAZ4
p2sh+vwDiB4iHz+tslorgat72p6ERE093XeviSBAoTOOddtD8ZG4iNxDWqZ3XDjt
FpDLKuNzuMKN77U6b0Grn3QXtXglaVfawcMrZvaEeJo6Lw/ptVWf2zVnv97QgkIV
OsQccJY5Gwmggv9WOX2pQuUKX0uqVlgOtpND7669j1kDBlxdpVhJXwEolYBgj6cL
Kw48LqRBGw86hN2oRE7pP5RyiWq7yfVO3FI7b2GZtO6b31A=
=g6gw
-----END PGP PUBLIC KEY BLOCK-----

    On behalf of ourselves and our users and customers, thank you again for helping us improve our cybersecurity.

    BCG reserves the right, in its sole discretion, to modify the terms of the Responsible Disclosure Guidelines or to terminate any or all of them at any time.