Nossa missão é proteger a rede interna e o sistema autônomo (AS) do Grupo Globo, implementando medidas preventivas, monitorando ameaças, analisando vulnerabilidades e confeccionando planos eficazes e coordenados de resposta a incidentes. Our mission is to protect Grupo Globo's internal network and autonomous system (AS) by implementing preventive measures, monitoring threats, analyzing vulnerabilities, and creating effective and coordinated incident response plans.
Criamos o Programa de Divulgação Responsável com intuito de fortalecer a segurança dos nossos sistemas e proteger nossos clientes. Ele incentiva pesquisadores a relatar vulnerabilidades de forma ética e segura, ajudando a identificar e corrigir falhas antes que sejam exploradas. Sua contribuição é fundamental para criar um ambiente digital mais seguro para toda a comunidade! We created the Responsible Disclosure Program to strengthen the security of our systems and protect our customers. It encourages researchers to report vulnerabilities ethically and safely, helping to identify and fix flaws before they are exploited. Your contribution is essential to creating a safer digital environment for the entire community!
O comprometimento com uma conduta ética e transparente são princípios que norteiam nossa relação com colaboradores, fornecedores, clientes e tantos outros que se relacionam conosco. Para reforçar nosso compromisso na condução íntegra de nossas atividades, elaboramos o código de ética e outros documentos. We have a commitment with an ethical and transparent conduct, wich is the base of how we deal with our contributors, clients, suppliers and so many others that work with us. In order to reinforce our daily commitment to conduct all of our activities, we have developed our ethics code and rules of conduct for third parties (available only in portuguese).
Esta política tem como objetivo estabelecer as diretrizes para o uso dos dados
This policy aims to establish guidelines for the use of data
Nosso código de ética e conduta.
Nosso código de conduta para terceiros.
Arquivo de gestão de terceiros.
Política de segurança da informação.
Regras para prestadores de serviços (COVID19).
Está com dúvidas em nosso sistema? Acesse aqui os guias rápidos que preparamos para você. Do you have doubts in our system? Access here the quick guides.
Um CSIRT (Computer Security Incident Response Team) é uma equipe especializada em responder a incidentes de segurança cibernética, monitorar ameaças, analisar vulnerabilidades e implementar medidas preventivas para proteger redes e sistemas de uma organização.
A CSIRT (Computer Security Incident Response Team) is a team specialized in responding to cybersecurity incidents, monitoring threats, analyzing vulnerabilities, and implementing preventive measures to protect an organization's networks and systems.
O CSIRT da Globo é o time responsável por monitorar, detectar e responder a incidentes de segurança cibernética nas redes e sistemas do Grupo Globo.
The Globo CSIRT is the team responsible for monitoring, detecting, and responding to cybersecurity incidents on the networks and systems of the Globo Group.
Preferencialmente, você deve reportar uma vulnerabilidade utilizando o formulário apropriado, acessível através do botão "Reportar" na página do Programa de Divulgação Responsável.
Preferably, you should report a vulnerability using the appropriate form, accessible via the "Report" button on the Responsible Disclosure Program page.
Após o reporte, nosso time analisará a vulnerabilidade e informará ao pesquisador sobre o status da submissão.
After reporting, our team will analyze the vulnerability and inform the researcher about the submission status.
Não, o Programa de Divulgação Responsável não oferece recompensas financeiras, mas contribuições válidas serão reconhecidas publicamente. Clique aqui para saber mais.
No, the Responsible Disclosure Program does not offer financial rewards, but valid contributions will be publicly recognized.
As vulnerabilidades previstas incluem, mas não se limitam a:
- Falhas que comprometam a integridade ou disponibilidade
dos sistemas ou serviços.
- Vazamento de credenciais.
- Explorações de execução de código remoto (RCE).
-
Vulnerabilidades que permitam acesso não autorizado a dados de
usuários.
- Qualquer outras falhas que possa comprometer a
segurança dos sistemas e dados da Globo.
The expected vulnerabilities include, but are not limited to:
- Failures that compromise the integrity or availability of
systems or services.
Credential leaks.
- Remote code
execution (RCE) exploits.
- Vulnerabilities that allow
unauthorized access to user data.
- Any other failures that
could compromise the security of Globo's systems and data.
Qualquer pesquisador ou membro da comunidade pode participar e reportar vulnerabilidades.
Any researcher or community member can participate and report vulnerabilities.
Esforçamo-nos para responder o mais rápido possível, geralmente dentro de alguns dias úteis.
We strive to respond as quickly as possible, usually within a few business days.
Não, você não deve divulgar publicamente ou compartilhar com terceiros quaisquer vulnerabilidades relatadas sem nossa autorização expressa por escrito.
No, you should not publicly disclose or share with third parties any reported vulnerabilities without our express written authorization.
Entre em contato conosco imediatamente e elimine quaisquer informações locais após relatar a vulnerabilidade.
Contact us immediately and delete any local information after reporting the vulnerability.
Submissões de baixa qualidade, problemas sem impacto de segurança claro, ataques de negação de serviço, e vulnerabilidades em ativos de terceiros não gerenciados pela Globo são considerados fora do escopo.
Low-quality submissions, issues without clear security impact, denial of service attacks, and vulnerabilities in third-party assets not managed by Globo are considered out of scope.
Envie um e-mail para:
Send an e-mail to:
csirt@csirt.globo
GnuPG Public:
ID: A0276FC30885E93EA5F25A8CF59D4DFB8835A0B8
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGcNVywBEADiezqNNZuLYbNVzCQIu/yGAjPKThx6UkkJycQ/rfjRsurIcd4V
Ns+EpNZhzhHnLl2qPBJEnvBMgY1atmXxK497pVmUkxe76qRU89Xsq/c9+QFb5ZkW
baFF+gpqUNtz6dDeKe4P1gl0sTHvsna5/CTgsQqPE+e49uQDunCfkjdNkNRPnzgw
Cnr7YmNF/MtKG10P+XcS/uQ4KmPrmzmiAbs2sip37ossQnSJ9H+1sBeJZlNFwLua
3b1ODV4MzaUm2FCuvAsteah1s32OyhLykv6SVyF2MuE2VIFRK7YIaxWsKD9EOu/d
yU91tSBdUoaLTW5WIt6wnAaVN5T1KtZin11o72gjdpp0cDM1sffpo0XQ2TxSo+oe
XKRr7NEW6HvvLeqcS9CanwvBYRDwJUGKa5uj5HGOxY+AgUagtH3lR1QbSc9Ar83+
F6NWsAuuqDhPfrRYSBqiqbeyf1YZ8mryRUG1y5StSkLVHXmjQAxlRp2vo1v7bytZ
n74ahpycmUmcOU9dtWczdtD6Pnyhf3TRQsAbB6PEc9vjuX/lgh0Mgafez/IYZ5S1
4zZP2LPUb5F9NurzcVHWmTfxWr+2mGfude/DmwFJzurT34/Y33SBFz8Ilh1ri7Di
16doPqlqV1/S4NpOMsm6uPhgvnyW7tSLAYZt6bB0nBmlnZRwMb8RecQ/XQARAQAB
tB9DU0lSVCBHbG9ibyA8Y3NpcnRAY3NpcnQuZ2xvYm8+iQJRBBMBCAA7FiEEoCdv
wwiF6T6l8lqM9Z1N+4g1oLgFAmcNVywCGwMFCwkIBwICIgIGFQoJCAsCBBYCAwEC
HgcCF4AACgkQ9Z1N+4g1oLhx0w/+MtGUm9fq/jwyCgk0O5VpN2KeUehyPgiiY5Bx
aRcjDDTc1RlFi6YsAaWHcnIq0a8FXJeUqtbhpWLNaEKakNKyasyRpZDs7fyMjm3z
17jYgGwYxo8UIiVNSaOeeaNEMnMy1ReByBrKsHkaiH2aW4+ZOOcBirhAVuaXVVV1
1I9hCKainl3gpWgKVNXvg081JEzH1R5kw5N9jik07ryXYHVoMhO4jIQZt7iAqoV8
x4aDPVGA9J1aGEB+ad0cxtQ1juo5dHh90d9zYjiVd0TyRqh8SZ7OoadwyqwD58t8
Hl3ylEMe+y7Iy4EiQ41lg+/+wNk0qbtLEhIzK8AXDx0jeYiH3hsCQzOvWtVCPa/E
KtSww8frDeenRaASwn2qhxMGic3mUFTI0ns96JDeanqjpP74jhxlr853yA9VjXfr
Pu68o2nw7qMnxzyNpfyEZzhrb+TsoY/w2rHYOSiE6O0qZVnjGHIlJJtV6/ElqIz0
xrRVMeiHRs7BT89ae3w+bWfvHZyS6nrN9XbiNZ9DwrUKjiFtsfGiaZ6gKmpAHL1i
quxH3sjkIl9GgzB4O9DIOpP7vMLzkPqH/826AlSSkXhRUhkns0krejY8WKMQ8lcm
dt2i2BuFoiyUUucsx8pIi/StMmg/iBoOReAVurNE9X0nZ0Rq0wnxgO/55FjeBthg
3LIaOdm5Ag0EZw1XLAEQAM/weA0QaogOr8HAnPooRWYn6RZ7kMeeyOF1fHuLkb1H
fY+Zg3IfeLPwdCfbdylnv5jXriQjcIJPnSiortyYYniyMvPM3txIMDOWydpxYFSX
dJcdFmRCoASDrASkRlmCu4xwNUtZl7bVxZOew0OPoMTMMXvxp9iYJ9K89qySpJKw
BW6xhPAEGgrQCxhl0bvookHIJyPmbqQUFrdNZpsK1vj55MGf8Kr/KEpAUsMDpyjV
ToGUKXepuupN5xy3Igah6w08lhN1wPup7+cOSAply0tlplC3ENevr/0m5O9Q/teR
GnBun54wFQF5u7jNCihLiWxGyGlgi2EOyoQkRA0hSNvl+ga++EERI2WssyhXpVqu
j0FXlGGpmHd1qP5XYzLu6Ec6MOuSKQx00cjqQDPg0UXdwUqqaDa4CRbJamyg2RrG
sA+C177ECyKb/9jULTnlnlGwxyuCwPhqXNLYirMGyhdu1QBqkWr8prVvBgQrcjMK
vdHhly2k+gGIOJ64h0eeYNJL/4rvcstRQhZEA0K3aK8vS4biU2+WWXATbkkIq2P2
MolJZXS6ML2GoihsJcdzNmxuXs9o35GgfUrvFa+6Lee66Zi7D91FLXxEHZwG0+CY
vC4f5pg0mouoeksPHHw10T/zu4YICR4wssM6uf7FgHURXGgwL+nHTvHHLsuwQLmj
ABEBAAGJAjYEGAEIACAWIQSgJ2/DCIXpPqXyWoz1nU37iDWguAUCZw1XLAIbDAAK
CRD1nU37iDWguM2GEADSjw67r5OkzlrTFcr0QwGxj0ECRyr+p9MTkJ6uY5+RYxZO
Lt9mpsnUJAUObTonyvNYkLrG2crfL3W5bgoD8J3RgYstSpvg7apnTcrU0dVI9Eec
ylOCgOTN9GxQ4C73kQAVl3lyXYnaCA89k1eG/KI1ZN/DfZ2D8wbkdIGO8H4Bp263
ZSkLIN/+HOgNiIs83Ci3nbfZ75XYt7eFO7AOZ6ky8N0Uhjc7GUbJC2uD6Y/8S7l6
UXaBhT8yj7FL6Y03EJ43eBF0vl8eqKQCZpvf2bIkqfc8XmPK5AfWgse67pgj69Rj
kRmkckKsGqdiMe/gcqIr5b9iGtogcv9tbh3+GgaClHuOLlfuLun4tAEMQiCzZQ/9
mYUETU9c7TdIthu8/AwcwtE9CuehHoCNkA8CgchC+5h4jzDeX6Kt9EQyuY4G3F1y
q0yrnuzrcYm3p2iEDeYSXRF6h+hhxwWkZQLsSE/JJfVIB/i5JffUcPnEhbOyd82I
NygWGovV+HJNLsjBfRxEk7CmdxdO4Vyokf+Ig4P3Dmc7PA44QDZyLZI3/zP2+4St
T9n1MOCji4Qn4tukjN9k8zWochB1W7VrPZFpxKUsongvopfmt+ZNCH3rIgChxvhp
3GH5MaRYOutOH2fnwnzCy7goC09YRJF8jDv4DQXfhRxP0hn3/phHZwQEOQAq6Q==
=5OW+
-----END PGP PUBLIC KEY BLOCK-----
Fingerprint:
A027 6FC3 0885 E93E A5F2 5A8C F59D 4DFB 8835 A0B8
GnuPG Public:
ID: A0276FC30885E93EA5F25A8CF59D4DFB8835A0B8
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGcNVywBEADiezqNNZuLYbNVzCQIu/yGAjPKThx6UkkJycQ/rfjRsurIcd4V
Ns+EpNZhzhHnLl2qPBJEnvBMgY1atmXxK497pVmUkxe76qRU89Xsq/c9+QFb5ZkW
baFF+gpqUNtz6dDeKe4P1gl0sTHvsna5/CTgsQqPE+e49uQDunCfkjdNkNRPnzgw
Cnr7YmNF/MtKG10P+XcS/uQ4KmPrmzmiAbs2sip37ossQnSJ9H+1sBeJZlNFwLua
3b1ODV4MzaUm2FCuvAsteah1s32OyhLykv6SVyF2MuE2VIFRK7YIaxWsKD9EOu/d
yU91tSBdUoaLTW5WIt6wnAaVN5T1KtZin11o72gjdpp0cDM1sffpo0XQ2TxSo+oe
XKRr7NEW6HvvLeqcS9CanwvBYRDwJUGKa5uj5HGOxY+AgUagtH3lR1QbSc9Ar83+
F6NWsAuuqDhPfrRYSBqiqbeyf1YZ8mryRUG1y5StSkLVHXmjQAxlRp2vo1v7bytZ
n74ahpycmUmcOU9dtWczdtD6Pnyhf3TRQsAbB6PEc9vjuX/lgh0Mgafez/IYZ5S1
4zZP2LPUb5F9NurzcVHWmTfxWr+2mGfude/DmwFJzurT34/Y33SBFz8Ilh1ri7Di
16doPqlqV1/S4NpOMsm6uPhgvnyW7tSLAYZt6bB0nBmlnZRwMb8RecQ/XQARAQAB
tB9DU0lSVCBHbG9ibyA8Y3NpcnRAY3NpcnQuZ2xvYm8+iQJRBBMBCAA7FiEEoCdv
wwiF6T6l8lqM9Z1N+4g1oLgFAmcNVywCGwMFCwkIBwICIgIGFQoJCAsCBBYCAwEC
HgcCF4AACgkQ9Z1N+4g1oLhx0w/+MtGUm9fq/jwyCgk0O5VpN2KeUehyPgiiY5Bx
aRcjDDTc1RlFi6YsAaWHcnIq0a8FXJeUqtbhpWLNaEKakNKyasyRpZDs7fyMjm3z
17jYgGwYxo8UIiVNSaOeeaNEMnMy1ReByBrKsHkaiH2aW4+ZOOcBirhAVuaXVVV1
1I9hCKainl3gpWgKVNXvg081JEzH1R5kw5N9jik07ryXYHVoMhO4jIQZt7iAqoV8
x4aDPVGA9J1aGEB+ad0cxtQ1juo5dHh90d9zYjiVd0TyRqh8SZ7OoadwyqwD58t8
Hl3ylEMe+y7Iy4EiQ41lg+/+wNk0qbtLEhIzK8AXDx0jeYiH3hsCQzOvWtVCPa/E
KtSww8frDeenRaASwn2qhxMGic3mUFTI0ns96JDeanqjpP74jhxlr853yA9VjXfr
Pu68o2nw7qMnxzyNpfyEZzhrb+TsoY/w2rHYOSiE6O0qZVnjGHIlJJtV6/ElqIz0
xrRVMeiHRs7BT89ae3w+bWfvHZyS6nrN9XbiNZ9DwrUKjiFtsfGiaZ6gKmpAHL1i
quxH3sjkIl9GgzB4O9DIOpP7vMLzkPqH/826AlSSkXhRUhkns0krejY8WKMQ8lcm
dt2i2BuFoiyUUucsx8pIi/StMmg/iBoOReAVurNE9X0nZ0Rq0wnxgO/55FjeBthg
3LIaOdm5Ag0EZw1XLAEQAM/weA0QaogOr8HAnPooRWYn6RZ7kMeeyOF1fHuLkb1H
fY+Zg3IfeLPwdCfbdylnv5jXriQjcIJPnSiortyYYniyMvPM3txIMDOWydpxYFSX
dJcdFmRCoASDrASkRlmCu4xwNUtZl7bVxZOew0OPoMTMMXvxp9iYJ9K89qySpJKw
BW6xhPAEGgrQCxhl0bvookHIJyPmbqQUFrdNZpsK1vj55MGf8Kr/KEpAUsMDpyjV
ToGUKXepuupN5xy3Igah6w08lhN1wPup7+cOSAply0tlplC3ENevr/0m5O9Q/teR
GnBun54wFQF5u7jNCihLiWxGyGlgi2EOyoQkRA0hSNvl+ga++EERI2WssyhXpVqu
j0FXlGGpmHd1qP5XYzLu6Ec6MOuSKQx00cjqQDPg0UXdwUqqaDa4CRbJamyg2RrG
sA+C177ECyKb/9jULTnlnlGwxyuCwPhqXNLYirMGyhdu1QBqkWr8prVvBgQrcjMK
vdHhly2k+gGIOJ64h0eeYNJL/4rvcstRQhZEA0K3aK8vS4biU2+WWXATbkkIq2P2
MolJZXS6ML2GoihsJcdzNmxuXs9o35GgfUrvFa+6Lee66Zi7D91FLXxEHZwG0+CY
vC4f5pg0mouoeksPHHw10T/zu4YICR4wssM6uf7FgHURXGgwL+nHTvHHLsuwQLmj
ABEBAAGJAjYEGAEIACAWIQSgJ2/DCIXpPqXyWoz1nU37iDWguAUCZw1XLAIbDAAK
CRD1nU37iDWguM2GEADSjw67r5OkzlrTFcr0QwGxj0ECRyr+p9MTkJ6uY5+RYxZO
Lt9mpsnUJAUObTonyvNYkLrG2crfL3W5bgoD8J3RgYstSpvg7apnTcrU0dVI9Eec
ylOCgOTN9GxQ4C73kQAVl3lyXYnaCA89k1eG/KI1ZN/DfZ2D8wbkdIGO8H4Bp263
ZSkLIN/+HOgNiIs83Ci3nbfZ75XYt7eFO7AOZ6ky8N0Uhjc7GUbJC2uD6Y/8S7l6
UXaBhT8yj7FL6Y03EJ43eBF0vl8eqKQCZpvf2bIkqfc8XmPK5AfWgse67pgj69Rj
kRmkckKsGqdiMe/gcqIr5b9iGtogcv9tbh3+GgaClHuOLlfuLun4tAEMQiCzZQ/9
mYUETU9c7TdIthu8/AwcwtE9CuehHoCNkA8CgchC+5h4jzDeX6Kt9EQyuY4G3F1y
q0yrnuzrcYm3p2iEDeYSXRF6h+hhxwWkZQLsSE/JJfVIB/i5JffUcPnEhbOyd82I
NygWGovV+HJNLsjBfRxEk7CmdxdO4Vyokf+Ig4P3Dmc7PA44QDZyLZI3/zP2+4St
T9n1MOCji4Qn4tukjN9k8zWochB1W7VrPZFpxKUsongvopfmt+ZNCH3rIgChxvhp
3GH5MaRYOutOH2fnwnzCy7goC09YRJF8jDv4DQXfhRxP0hn3/phHZwQEOQAq6Q==
=5OW+
-----END PGP PUBLIC KEY BLOCK-----
Fingerprint:
A027 6FC3 0885 E93E A5F2 5A8C F59D 4DFB 8835 A0B8