Report a Security or Privacy Concern

Please provide all applicable information in the form, including sufficient details of your specific concern. Categorize your concern as one of the following:

  • Vulnerability - report a vulnerability found in our site or application.
  • Privacy Issue - if you have a privacy concern related to our applications or organization.
  • Other - for all other security, privacy or compliance related concerns.

Your contact details will only be used to follow up on the information you provided.

Vulnerability Reporting Policy

The Esri Product Security Incident Response Team (PSIRT) acknowledges the valuable role that independent security researchers play in Internet security. We encourage responsible reporting of any vulnerabilities that may be found in our site or application. Esri is committed to working with the security community to verify and respond to any potential vulnerabilities that are reported to us. Esri will not bring a lawsuit or begin law enforcement investigation of you if this policy is followed.

Esri does not permit the following types of security research

  • Causing, or attempting to cause, a Denial of Service (DoS) condition.
  • Use automated security tools without Esri's explicit consent. Use of automated tools may result in investigative action or your IP(s) being blocked.
  • Accessing, or attempting to access, data or information that does not belong to you.
  • Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you.

The Product Security Incident Response Team commitment

To all security researchers who follow this Vulnerability Reporting Policy, the Product Security Incident Response Team commits the following:

  • To respond in a timely manner, acknowledging receipt of your report.
  • To provide an estimated time frame for addressing this vulnerability.
  • To notify the reporting individual when the vulnerability has been fixed.