Vulnerability Disclosure Program

Frequently asked questions

Have a different question and can't find the answer you're looking for? Reach out to our security team by sending us an email and we'll get back to you as soon as we can.

What types of security vulnerabilities are considered in-scope for this program?
Focus on issues affecting the confidentiality or integrity of user data, such as XSS, CSRF, SQL injection, etc.

Are there any specific areas where security researchers should focus their efforts?
Concentrate on vulnerabilities that compromise user data or system integrity, including those in dependencies.

What issues are explicitly outside the scope of this vulnerability disclosure program?
The program excludes password policies, physical access attacks, outdated browser issues, etc.

How should a researcher report a potential vulnerability?
Report through the HackerOne form above, keeping all communications within designated channels.

What can researchers expect from the program in terms of response and handling?
Expect Safe Harbor, a timely response, and collaboration in understanding and remedying reported issues.

What guidelines must researchers follow when conducting vulnerability research?
Adhere to the policy, report quickly, avoid harming user privacy, use official channels, and respect legal constraints.