Comcast Security: Responsible Disclosure Policy

Responsible Disclosure Philosophy

Comcast believes effective responsible disclosure of security vulnerabilities requires mutual trust, respect, transparency and common good between Comcast and Security Researchers. Together, our vigilant expertise promotes the continued security and privacy of Comcast customers, products, and services.

Security Researchers

Comcast accepts vulnerability reports from all sources such as independent security researchers, industry partners, vendors, customers and consultants. Comcast defines a security vulnerability as an unintended weakness or exposure that could be used to compromise the integrity, availability or confidentiality of our products and services.

Our Commitment to Researchers

What We Ask of Researchers

Vulnerability Reporting

Comcast recommends that security researchers share the details of any suspected vulnerabilities using the web form below. The Comcast Security team will acknowledge receipt of each vulnerability report, conduct a thorough investigation, and then take appropriate action for resolution. To encrypt a submission via email, use the public key provided on this page.

Thank you

Comcast values the research community. Contributions from researchers like you can help protect the privacy and security of our customers. Comcast does not offer a bounty program or provide compensation in exchange for security vulnerability submissions.

Submission Form powered by Bugcrowd

Security Researcher Hall of Fame

Comcast would like to thank the following researchers for their responsible disclosures, which were in scope for our Vulnerability Disclosure Program:

Researcher Profile
David Calligaris
Mukesh Kumar bugcrowd.com/theserpent
Osama Ansari twitter.com/ansariosama10
Mrpeuch bugcrowd.com/mrpeuch
Cameron Dawe twitter.com/spam404online
Researcher Profile
Mrpeuch bugcrowd.com/mrpeuch
Sameer Phad twitter.com/sameerphad72
Benson Creek twitter.com/bmdc25
Michael Skelton twitter.com/codingo_
Samet SAHIN twitter.com/sametsahinnet
Noah twitter.com/thesubtlety
Er Quan sg.linkedin.com/in/eqbang
Ali Razzaq twitter.com/alirazzaq_
Researcher Profile
Alex Boese https://www.linkedin.com/in/alexboese
Sean Durkin linkedin.com/in/seanrdurkin
Justin Calmus linkedin.com/in/jcalmus/
whatasec twitter.com/whatasec
FogMarks.com twitter.com/fogmarks
Shahar Albeck twitter.com/l33terally
Maxwell Pereira linkedin.com/in/maxwellpereira
Yash Mehta linkedin.com/in/1yashm
Hamza Grindi hackerone.com/hamza_g
Daniel Zhang bugcrowd.com/danielzhang
Devansh Batham (infoziant Labs) twitter.com/devanshwolf
Cody Zacharias linkedin.com/in/codyzacharias 
Ashish Kunwar bugcrowd.com/dorkerdevil
Koen Rouwhorst linkedin.com/in/koenrouwhorst/
Vineet Kumar

Encryption

Alternatively, you may send vulnerability submissions or questions to the Comcast Security Team via email to securitydefectreporting@comcast.com. Encryption key provided below:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2

mQINBFjVUb4BEADX4dYZPQ7dUhOzvzqh8gcA78oWOC8C/h4GOmj0ItC+iCbQ9SmH
pVewI8Phnr0SQCBH5SfGVSZDN21jiiGHmKi7wLk86rg585nAvMFB3Yq2xlPVTsF7
oburm7/5nE36IJ5WaKk7wOH+Jt7D3eDAXoYodiHeH5iJlO8qBCLYpya6MLeNDd6d
HTrSM+hd77pdN3/0s6ebN6fRsaem8md8tt6s/xZa67G+8Y1giduKy0VKFA0D+mD1
kEYrMxdAik55blacL6Jt2BliUfB503xw0SMVwgWA5ZU3ZJJSGAza32PpTqo2vYCn
97we287JEwFx5rN/WAILpo9AU0Ck+Lg/D1YAutjrV5QAeMQa/haFlu5wiJuSasb+
dtiOcP/7SjHCZo+UjqNr1kFx3yUJqYSSExmOJMNHo49Q9Nhqm8MZWRJLdcB3JDo1
xNhfQYq9T/PvbEy5A/jBX/SCYA+IqRQ6yZ6xdL3Hl6tqPoU6xJu6PIq39ADExBCi
9HQcmFIye+C2GxBjgS5UAPuO6rbxk69N9eNulWLrUQhMMhFGob29OjC7RvyOLeD7
rUfjJgPM+QvCD6LEYPuu2f2iQK4IbCiQMYSANPdOaoJ3upttMt0uUydPBJCbWiN6
Cg1ujN4Q52bKNhuArD0QYyBlEOiD/qhBKKBlw/5OC/TYKPaYWyqpi5PXvQARAQAB
tEdDb21jYXN0IFNlY3VyaXR5IERlZmVjdCBSZXBvcnRpbmcgPHNlY3VyaXR5ZGVm
ZWN0cmVwb3J0aW5nQGNvbWNhc3QuY29tPokCOQQTAQgAIwUCWNVRvgIbAwcLCQgH
AwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEPZc70/KMxD7T48P/RKfFreBFhTsb1qT
G4S2uxXKEQsuPEl+jY9D1HThPqMDNHj/IiVB5Y+MIbSRtth3dwYQB4U4do+/aIaz
nIFwyrZ3/z0+81j96jTr0gBfP+wrzrwEly64Pp2JYJnC6ktENggE0hNSVZTQnnY1
uvRP/tuSmctJbMCzNPLiFfd09mTyky6FlwYNWUGv9bgs6wDI853ocVVTWwmY4s4i
bWdNHmBWKyrt5TB22bgJAqtmN4DBYgjM3eTT/QSjLk1ACircsOoGFOJc1/mvT11/
wgofyxOERKabw5F4A+AIU1P93Sui7lmlpo4+prcrb5pn/lvAjTkuF0B2GOaz0MoJ
OhkunTZQNFaXKF5FACz0+cqitekyi3WH8aao+jYRg2XGmjJKDqrlr+ZS+mXQdCV3
B9flNGCe2PS7dvkU3Rwo3laiumKz8Ub9UOJ2eJLPVGUWM9VGgyGF2Dg03CK6c/ex
NxITPs1IHJ4rwq1SdwTvsQCIt/D752xMw7oOd96hTvulYYs3OGTcj49+AehUm47c
aZ3LHDZ1zSa0hNfAQRfhHcZ8Bdwt51KNPzcOGeh5N0jULXTx90f0fXWpRZ3nMp2c
4NOXQWehlnSMvi8QvFag2RIyK7ue1rs003iibjav5+AT5f5HJ5sMklSe1C4xQGID
tzN3nNOCpEftlZoimNDsxTFgc8UHuQINBFjVUb4BEADTuW1kAieOxRuWhs5l864h
j7kVt5Rpf8yFOD+26s8oi8JZNq9UX8EoMY+0OK/nRa/KLHDNEFQ5DuwIRuV5kNGB
3aiS/H4bfOThKdNZywFvMdmOcEaUPOjVONbt3uQLBkTfAvu+vkaEhvm5UJksLJkz
TxTK0UiRL13EeSgCSWZSYj5wehh2NJ0zTRgQBL7FGHjV9Yh6xkHDPNPkrN2RPPNo
8DA6c4JQXlUN9hdvUMdtzo+ZzPSaZPYB45DlNboXUaIacl4sGGSnYUiuuHn43KEi
sndw4r1T7WG1l5QSPxMmZc5nrwxZFTx1UCBLoCuG2ByFQf350PEcw0p9JLtpdrYk
mI54MVXY7Ge2SVJQ0dSKRe9XWASUS83LYzv6Sya1ptA1M/BjadW8or+cQ2bL79MB
RYS2evvfxcz/IlnQmScEkBB6QpwAgl1d9ELijo9qG6SYgSqPpL36+R8HTMulLml0
JOqFoVw4+Uye9u6dzh6bDg9wz1oxKVUDyYvA2vJdFlZUEFsi3f6BR/wCn/q55NUz
/drgQd/ycsXTMEqWGoxkJF3kBBw25+5JX7PxkrOTZxvWbuHN+bG48EAbwSELDkGD
k5Un5EzQh5lWSteSIiWAiVZKbXZum7zZIxEa5tXJNrMIUqEOJa89upUBtH39JEYh
KTqlnLEkc7tMdzMhoxTnOwARAQABiQIfBBgBCAAJBQJY1VG+AhsMAAoJEPZc70/K
MxD70awP/iVQmM2KWXxjb+ZUyP7WPuWP2E3wX+HSbcK9bh84Zlois6wA0Fp2g9WU
y7F/to7bZKFp1XamZcf7QZEs1Ee8YSv1NNKTa983UtBebnhFguk9qnv9St+VaE6k
Hnsp3NDaSN2UGXqLmJhA/THaoI99nuhfHumnX+aQY8Yrnvs/V1I2IaJ6t8MWNEuq
kseVKYmbWh7PcIEIxwryhwFh36cj4RgVhidjbrbSk1a5iDpcl77jV6JsUcuLVmjN
rJDxX2eSzrSMBHaKW2C7xQLFpZTk+706DB3vV8X04fucOdTGbBfsdQWkTiWFxNHE
as0bcrvjJK8BBKgBfi8nCbIQgk5baoBeMqhgVXd3ZmME2bJV64Ee3ayOcfO9dJiW
6GFeCFEPDdnhn0s8BA9sQgkWRzouQvsI2K+NEzF+xBF6YxTGsgEFh/LxI9ZJ1izX
UuseklVPLd9vfBoIg2QSB064yf7G/uwMuE2/TDG9CydTrNtr/KIG06Rk2SAy/O/J
U9xpbd8PF6tmbdMdtSgA4LmZYIq1loTc8gGo2C4mmz9ykJcvgpGVzKxM0yR/XByO
XQPYyCqvQDl+n5lIzz6AY+IT1IFd0ZhNweHzkpKbjc3TgLqZkIcRXBN+xE2T1N64
kwFWMp6uM6sdv4pycWMcef+Voi3stx8px71MOC5zYEwQnWcE88wS
=xSl+
-----END PGP PUBLIC KEY BLOCK-----