As of October 3, 2018
Our global information security team is working to protect 21 Century Fox and its affiliates (21CF)’s information assets, services and products, and the confidentiality of customer information. We also recognize the valuable role the research community plays in identifying vulnerabilities. If you believe you have found a security vulnerability impacting 21CF, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.
So that we can respond to and address security issues effectively, and continue to provide the best services and user experience possible, we ask that you:
- Give us reasonable time to investigate and address the potential vulnerability, and do not post information or share it with others until we have responded to and addressed the issue.
- Do not access customer or employee personal information, pre-release 21CF content, 21CF confidential information, or any non-public application or non-public credentials.
- If you accidentally access any of non-public 21CF or customer information in the course of your research, please immediately stop testing, submit the vulnerability (including information regarding what you accessed), and do not maintain copies of any such information or share it with any third party.
- Do not violate privacy rules, disrupt or degrade our systems or operations, or access data without authorization.
- Timely notify us of any vulnerability and do not exploit a security issue you discover for any reason. (For example, please do not conduct further “tests” to confirm the vulnerability or demonstrate additional risk by compromising our systems or accessing sensitive company data, and please do not probe for additional issues.)
- Do not cause harm to 21CF or our customers, and do not violate the law.
For our part, to encourage responsible disclosure, 21CF:
- Agrees to investigate and attempt to resolve the issue quickly, and do our best to respond within 30 days, or sooner if possible; and
- Agrees that we will not initiate claims against you if you have followed the above guidelines.
To report a potential vulnerability, please email email@example.com, and provide details regarding your discovery that allow us to reproduce the issue, and, if you do not mind, also a way to contact you if we have further questions.