Responsible Disclosure Policy

Published on September 21, 2016 and last updated on April 30, 2018


Walmart cares deeply about maintaining the trust and confidence that our customers place in us. Therefore, the security of our eCommerce platform is of paramount importance to us. If you are a security researcher and have discovered a security vulnerability in one of our services, we appreciate your help in disclosing it to us in a responsible manner. Walmart will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate and fix vulnerabilities in accordance with our commitment to security and privacy. We won’t take legal action against or suspend or terminate the accounts of those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. Walmart reserves all legal rights in the event of any noncompliance.


We encourage security researchers to share the details of any suspected vulnerabilities with the Walmart Information Security Team by submitting the form at the bottom of this page. Walmart will review the submission to determine if the finding is valid and has not been previously reported. At Walmart’s discretion, you may be eligible for monetary compensation for your efforts. We require security researchers to include detailed information with steps for us to reproduce the vulnerability.


If you identify a valid security vulnerability in compliance with this Responsible Disclosure Policy, Walmart commits to:

  • Working with you to understand and validate the issue
  • Addressing the risk if deemed appropriate by Walmart team


Public disclosure of the submission details of any identified or alleged vulnerability without express written consent from Walmart will deem the submission as noncompliant with this Responsible Disclosure Policy. In addition, to remain compliant you are prohibited from:

  • accessing, downloading, or modifying data residing in an account that does not belong to you
  • executing or attempting to execute any “Denial of Service” attack
  • posting, transmitting, uploading, linking to, sending, or storing any malicious software
  • testing in a manner that would result in the sending unsolicited or unauthorized junk mail, spam, pyramid schemes, or other forms of duplicative or unsolicited messages
  • testing in a manner that would degrade the operation of any Walmart properties
  • testing third-party applications, websites, or services that integrate with or link to Walmart properties