Vulnerability disclosure

Last updated

Disclosure policy

Our vulnerability disclosure policy

Rules

Disclosure rules

• Do not access user data
• Do not disrupt service
• Do not disclose until fixed
• Act in good faith

Report vulnerability

How to report a vulnerability

Include in report

• Vulnerability description
• Steps to reproduce
• Potential impact

Commitments

Our commitments

• Respond to reports promptly
• Acknowledge receipt within 48 hours
• Keep researcher informed of progress
• Not pursue good-faith researchers

No bug bounty program