Responsible Disclosure Policy (RDP)

Massachusetts Mutual Life Insurance Company (“MassMutual,” “We,” “Our,” or “Us”) is committed to protecting the confidentiality, integrity, and availability of our information systems and applications. We take cybersecurity seriously and encourage those who have discovered possible security issues in our information systems and applications to disclose them to us in a responsible manner. Our Responsible Disclosure Policy (“RDP”) is intended to give security researchers a mechanism to report security issues in any of our information systems and applications.

MassMutual RDP Rules:

  • Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue may not be marked as triaged.
  • Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
  • When duplicates occur, only the first report that was received will be triaged (provided that it can be fully reproduced).
  • Multiple vulnerabilities caused by one underlying issue will be treated as one valid report.
  • Social engineering (e.g., phishing, vishing, smishing) is prohibited.
  • Do not access, copy, store, transfer, or download any proprietary or confidential MassMutual data.
  • Do not delete or alter user generated data; impair, disrupt, or disable information systems and applications; or render data inaccessible.
  • Do not engage in any activity that violates any applicable law or regulation, including (a) federal or state laws or regulations or (b) the laws or regulations of any country where (i) data, assets or systems reside, (ii) data traffic is routed or (iii) the researcher is conducting research activity.
  • Failure to abide by MassMutual’s terms and conditions will be deemed by MassMutual, in its sole discretion, to be unauthorized activity. MassMutual expressly reserves all rights afforded to it, by law or in equity, in this regard.

Report a security issue

If you believe you have identified a potential in-scope MassMutual security issue, please notify us as soon as possible by emailing a report of your findings using the button below:

Email Report

Please include the following details in your report:

  • A description of the issue and where it is located.
  • A detailed report of the steps required to reproduce the issue.

Public disclosure of the issue outside of this reporting mechanism without the consent of MassMutual is strictly prohibited.