Report a Security Vulnerability
Security vulnerabilities may be reported by email to: security@humbletx.gov
What to Include in a Report:
- Your name and contact information
- The affected website, system, application, or service
- A description of the suspected vulnerability
- Steps to reproduce the issue
- Screenshots or supporting evidence (if available)
- The date and time the vulnerability was discovered
- Any known impact or risk
Responsible Disclosure Expectations
The City requests that anyone report a vulnerability:
- Avoid disrupting City systems or public safety services
- Do not access, modify, copy, delete, or disclose data that does not belong to you.
- Do not perform denial-of-service testing.
- Do not use social engineering, phishing, physical attacks, or malware.
- Do not publicly disclose the vulnerability until the City has had a reasonable opportunity to investigate and address the issue.
City Review and Remediation
The City of Humble will review submitted vulnerability reports, create an internal tracking record, evaluate the reported issue, assign priority based on risk, and coordinate remediation with the appropriate department or vendor.
Reports involving Criminal Justice Information or CJIS-connected systems will receive priority handling and will be escalated according to City security procedures.
The City may contact the reporter for additional information when necessary and will provide updates when appropriate.
Good-Faith Reporting
The City appreciates good-faith efforts to improve the security of public systems. Reports submitted under this program help the City identify, evaluate, and remediate security issues before they can impact City operations or public safety.