Vulnerability Disclosure

The Federal Home Loan Bank of Des Moines (“Bank” or “FHLBDM”) requires that security researchers make a concerted effort to avoid violating privacy, degredate the user experience, disrupt Bank systems, and destroy data during security testing. Use the form below to report vulnerability and exploit information, keeping information about any discoveries confidential until the Bank has had 90 days to resolve the issue. By following this practice, FHLBDM will not pursue legal action related to your research, and will work with you to understand the resolve the issue. This does not constitute a bug bounty program, and FHLBDM does not reward or compensate researchers in exchange for potential vulnerabilities or exploits.

The following are out of scope:

Any findings derived from physical testing
Any findings derived from social engineering
Spelling mistakes and simple UI bugs
Denial of Service issues at the Network layer

Do not put any Personally identifiable information (PII) into this form.

Contact Us by Email

All fields marked with * are required.

Name *

Email Address *

URL *

Technical Description *

Hostname(s)/IP Address(es)

Known Versions Affected

Known Exploit(s)

Vulnerability Disclosure

Contact Us by Email

Products & Services

About

Resource Center

Member Support