DOW JONES VULNERABILITY DISCLOSURE PROGRAM

Effective Date: June 24, 2021

1. What is a security vulnerability?

A security vulnerability is a weakness, flaw, or error found within a system that has the potential to be leveraged by a threat agent to compromise the confidentiality, integrity or availability of the system.

Dow Jones values the efforts of and role that the information security community plays to identify new threats and help businesses to protect their information assets. We encourage the reporting of any possible security vulnerabilities that may be found in Dow Jones’ information assets. Dow Jones takes security seriously and will investigate all reported vulnerabilities. If you have any information about a possible security vulnerability in Dow Jones’ information assets, please let us know right away.

2. How to report a security vulnerability:

Our vulnerability disclosure program is managed by Bugcrowd. Submissions are subject to Bugcrowd’s Standard Disclosure Terms.

Please send us an email at VDP@dowjones.com and include relevant information listed under Bugcrowd's Report a Bug page. We will forward your email to Bugcrowd.

3. Public Notification:

In order to protect our customers, Dow Jones asks that you do not post or share any information about a potential vulnerability in a public setting until we have researched, responded to and addressed the vulnerability.