Security researchers’ reports are accepted here. Submissions must include:
- A detailed description of the vulnerability found by the security researcher.
- Identification of the vulnerability’s location and the potential impact.
- Technical information needed to reproduce the vulnerability (Scripts or exploit code should be embedded into non-executable file types).
Reports should provide a detailed technical description of the steps required to reproduce the vulnerability, including a description of any tools needed to identify or exploit the vulnerability. Images, e.g., screen captures, and other documents may be attached to reports. It is helpful to give attachments illustrative names. Reports may include proof-of-concept code or screenshots that demonstrate exploitation of the vulnerability.
By submitting a report to H&R Block, security researchers represent that, to the best of their knowledge, the report and any attachments do not violate the intellectual property rights of any third party or H&R Block.
Security researchers may submit reports anonymously or security researchers may provide contact information, and any preferred methods or times of day to communicate, as they see fit. H&R Block may contact security researchers to clarify reported vulnerability information or other technical interchange.