Reporting Technology Vulnerability
We monitor activity on our applications, websites, and other computer systems as a part of our overall information security program. If you believe you have found a security vulnerability on any of our sites or applications, we encourage you to report it as described below so that our teams can investigate the matter. Please take a moment to familiarize yourself with our reporting process before submitting any information.
Any potential or real instances of security vulnerabilities should be reported to Fannie Mae’s Information Security team. To help our team fully understand the nature of the vulnerability you should be prepared to provide the following information:
- Your name, organization, and contact information
- Description of the potential vulnerability
- Technical details of the potential vulnerability
You may contact us to submit specific security vulnerabilities or to simply to request that we contact you. Note: In contacting us, you are providing Fannie Mae consent to contact you about your report and its contents.
IMPORTANT REQUIREMENTS APPLICABLE TO YOUR SECURITY VULNERABILITY REPORT
- If your report pertains to a vulnerability that may lead to bodily harm or injury to persons, please contact law enforcement immediately.
- Do not include any nonpublic personal information in your security vulnerability report (e.g., social security numbers, financial account numbers, etc.).
- We will take your security vulnerability report under advisement but may not contact you in response or otherwise keep you apprised of the validity of the vulnerability you reported.
- We may share your security vulnerability report with law enforcement agencies or other industry participants that may be affected by the vulnerability.