Responsible disclosure policy

Esri Finland acknowledges the valuable role that independent security researchers play in Internet security. We encourage responsible reporting of any vulnerabilities that may be found in our site or services. We are committed to working with security researchers to verify and respond to any potential vulnerabilities that are reported to us. We ask that you do not share or publish an unresolved vulnerability with/to third parties.

We will not bring a lawsuit or begin law enforcement investigation of you if this policy is followed.


Report a potential security vulnerability

Please provide all applicable information to our security team by submitting the reporting form.

Note! All Security or Privacy concerns related to ArcGIS should be reported directly to Esri Inc by using following site:


Esri Finland does not permit the following types of security research

  • Performing actions like Denial of Service, Spam, Brute Force, Social engineering, attacks on physical security
  • Accessing, or attempting to access, data or information that does not belong to you.
  • Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you.
  • Violating any laws or breaching any agreements in order to discover vulnerabilities 


Esri Finland commitment

To all security researchers who follow this Vulnerability Reporting Policy, Esri Finland commits the following:

  • To respond in a timely manner, acknowledging receipt of your report.
  • To provide an estimated time frame for addressing this vulnerability.
  • To notify the reporting individual when the vulnerability has been fixed.

Contact Us