- Please provide detailed reports with reproducible steps.
- Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
- When testing has an overlap with systems or services not owned by you, the tester, make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of that service. Only interact with accounts you own or with the explicit permission of the account holder.
Please do not discuss any vulnerabilities (even resolved ones) without express consent.
When you've found a security issue that abides by the rules and scope of this project, please submit the report to us via [email protected]. In your mail, make sure to include:
- the impact of the issue;
- a detailed guide on how to reproduce the issue;
We will make a best effort to meet the following response targets for security reports:
- Time to first response (from report submit) - 5 business days
- Time to triage (from report submit) - 15 business days