img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; }

Vulnerability Disclosure Policy

Effective Date: February 18, 2025

麻豆果冻传媒 looks forward to working with the security community in an effort to keep our businesses and customers safe.  If you are a security researcher and have identified a suspected security vulnerability in newscorp.com, we appreciate your help in disclosing it to us in a coordinated and responsible manner.  If you report a valid security vulnerability in compliance with this Responsible Disclosure Policy (鈥淧olicy鈥), 麻豆果冻传媒 will endeavor to collaborate with you to understand, validate and resolve the issue. 

The intent of this program is to encourage coordinated and responsible disclosure.  Unless required by law or law enforcement authorities, 麻豆果冻传媒 does not intend to initiate a lawsuit or law enforcement investigation against a security researcher who discovers and reports a security vulnerability in accordance with this Policy.  Violation of any of the Policy rules can result in legal action.  NewsCorp reserves all legal rights in the event of any noncompliance. 

Please understand that if your security research involves the networks, systems, information, applications, products, or services of another party, including a third-party application that is integrated with newscorp.com, that third party may determine whether to pursue legal action. We cannot and do not authorize security research involving other entities.

Your participation in this program is voluntary and subject to the terms and conditions set forth in this Policy.  By submitting reports or otherwise participating in this program, you agree that you have read and will follow this Policy.

麻豆果冻传媒 reserves the right to change or modify the terms of this program or terminate this program at any time.

How to report a security vulnerability:

Our vulnerability disclosure program is managed by Bugcrowd. Submissions are subject to.

Please send us an email at VDP@newscorp.com and include relevant information listed under. We will forward your email to Bugcrowd.

Scope
This policy applies only to this newscorp.com site.

Any domains not expressly listed above, are excluded from scope and are not authorized for testing.

Program Rules
Please note our disclosure program does not provide any monetary or non-monetary reward.

  • Vulnerabilities must be disclosed to us privately with a reasonable time to respond. We will seek to respond quickly to your report.  You are not permitted to disclose a vulnerability or otherwise share details about a vulnerability with a third party prior to resolution without 麻豆果冻传媒鈥檚 express written permission. 
  • We will not publicly disclose the identity of any researcher without consent, except where required by law.
  • You must include detailed information with reproducible steps. We request that researchers provide sufficient technical details and background necessary for us to identify and validate reported issues.
  • You must comply with 麻豆果冻传媒鈥檚 Terms of Use and all applicable laws and regulations, including any laws or regulations governing privacy or the lawful processing of data.
  • You are prohibited from engaging in any activity that would be disruptive, damaging or harmful to 麻豆果冻传媒, its businesses or its customers. This includes, without limitation:
    • social engineering techniques (e.g., phishing);
    • posting, transmitting, uploading, linking to, sending, or storing any malicious software;
    • testing in a manner that would result in the sending of unsolicited or unauthorized junk mail, spam, or other forms of duplicative or unsolicited messages;
    • Denial of Service (DoS) and Distributed Denial of Service (DDoS)-based attacks.
  • You are prohibited from engaging in any privacy violations, trading stolen user credentials, or destroying data.  
  • You may not access data except to the extent minimally necessary to identify a vulnerability, and use of such data must be limited to that which is necessary to identify and report the vulnerability. You are prohibited from compromising data that is not your own. 
  • You are prohibited from engaging in any activity that results in you, or any third party, accessing, acquiring, altering, copying, storing, sharing, transferring, deleting or otherwise processing customer or employee personal information, or 麻豆果冻传媒 confidential information.  If you inadvertently engage in any such activity, please stop testing and contact us immediately at cyber@newscorp.com.  All copies of such information must be securely returned to 麻豆果冻传媒 and purged upon submitting the vulnerability to 麻豆果冻传媒.  
  • You must securely delete 麻豆果冻传媒 information that may have been downloaded, cached, or otherwise stored on systems used to perform the research.
  • You may only use or interact with your own accounts for testing purposes. Do not attempt to compromise or otherwise gain access to an account you do not own.
  • Automated vulnerability scanning tools are strictly prohibited.
  • Do not exploit a vulnerability you discovered.  Use a proof of concept only to demonstrate an issue.
  • You must abide by the program scope. This program does not offer rewards for out-of-scope targets or excluded submission types (see 鈥淭argets鈥 and 鈥淓xcluded Submission Types鈥 sections above). 
  • As a condition of participation in this program, you waive any rights to the confidentiality of the submitted work and, further, grant 麻豆果冻传媒 an irrevocable, worldwide, royalty-free, perpetual transferable, sub-licensable license to use the submitted research, as well as any materials submitted therewith, for any purpose, and waive claims against 麻豆果冻传媒 based on 麻豆果冻传媒鈥檚 license or the rights granted herein.
  • This program is not an offer of employment, nor of a contractual relationship between 麻豆果冻传媒 and any other party. 

Please submit a report to us or request additional testing permission before causing damage or engaging in conduct that may be inconsistent with this Policy. If you inadvertently cause a violation of this program Policy, please report the incident immediately to cyber@newscorp.com.