• If you've found a security or privacy issue on the .gov top-level domain infrastructure, submit it to our vulnerabilty disclosure form or email help@get.gov.
• If you see a security or privacy issue on an individual .gov domain, check current-full.csv to see whether the domain has a security contact to report your finding directly. You are welcome to Cc help@get.gov on the email.
  • If you are unable to find a contact or receive no response from the security contact, email help@get.gov.

Note that most federal (executive branch) agencies maintain a vulnerability disclosure policy.