Please fill out the form on the right with all applicable information including sufficient details of your specific concern. Your contact details will be used to follow up on the information you provided. Please select the applicable subject from the subject drop-down menu.
- Vulnerability - report a vulnerability found in our site or application.
- Suspicious E-mail from Esri - if you believe you were targeted by a possible phishing attack from an Esri e-mail address, or have received other suspicious e-mail correspondance from Esri.
- Privacy Issue - if you have a privacy concern related to our application or organization.
- Other - for all other security, privacy or compliance related concerns.
Vulnerability Reporting Policy
The ArcGIS.com security team acknowledges the valuable role that independent security researchers play in Internet security. We encourage responsible reporting of any vulnerabilities that may be found in our site or application. Esri is committed to working with the security community to verify and respond to any potential vulnerabilities that are reported to us. Esri will not bring a lawsuit or begin law enforcement investigation of you if this policy is followed.
ArcGIS.com does not permit the following types of security research
- Causing, or attempting to cause, a Denial of Service (DoS) condition.
- Use automated security tools without Esri's explicit consent. Use of automated tools may result in investigative action or your IP(s) being blocked.
- Accessing, or attempting to access, data or information that does not belong to you.
- Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you.
The ArcGIS.com Security Team commitment
To all security researchers who follow this ArcGIS.com Vulnerability Reporting Policy, the ArcGIS.com Security Team commits the following:
- To respond in a timely manner, acknowledging receipt of your report.
- To provide an estimated time frame for addressing this vulnerability.
- To notify the reporting individual when the vulnerability has been fixed.