UL Foundation Security Badge

UL Foundation Responsible Disclosure Policy

Effective: May 15, 2025

At the UL Foundation, we prioritize security, privacy, and transparency in everything we do. This policy outlines how ethical hackers, security researchers, and members of the public can responsibly disclose potential vulnerabilities in our systems.

Scope:

This policy applies to:

Reporting a Vulnerability:

Please report all vulnerabilities to: security@ulfoundation.org
We encourage encrypted submissions using our PGP key: https://ulfoundation.org/.well-known/pgp-key.txt

What to Include:

What You Can Expect:

We believe in recognizing those who help strengthen our systems. If permitted, your name will be included in our Hall of Thanks — a tribute to individuals who’ve made meaningful contributions to our security.

Guidelines:

Safe Harbor:

We will not pursue legal action against individuals who act in good faith and follow this policy in reporting security issues.

We appreciate your contribution to making the UL Foundation more secure for everyone.