Security Vulnerability Reporting and Bug Bounty Program
Last updated: March 13, 2026
This guide explains how to report security vulnerabilities and our approach to responsible disclosure.
This guide will help you:
Understand our security reporting process
Learn about our bug bounty program status
Know what to expect when reporting vulnerabilities
How to Report Security Vulnerabilities
If you've discovered a potential security vulnerability in our systems, we appreciate your responsible disclosure. Please send your report to our security team at security@company.com with the following information:
A clear description of the vulnerability
Steps to reproduce the issue
Potential impact assessment
Any supporting evidence or proof of concept
We are committed to addressing legitimate security concerns promptly. Please allow our team reasonable time to investigate and respond to your report before considering public disclosure.
Common Questions
Do you have a bug bounty program?
We currently do not have a formal bug bounty program that offers monetary rewards for vulnerability reports. However, we greatly appreciate responsible disclosure and will acknowledge researchers who help improve our security posture.
What should I do if I don't receive a response to my security report?
If you haven't received a response within a reasonable timeframe (typically 5-7 business days), please follow up by sending another email to security@company.com. Include your original report reference if available.
Can I publicly disclose vulnerabilities I've found?
We request that you follow responsible disclosure practices by reporting vulnerabilities to us first and allowing adequate time for remediation before any public disclosure. This helps protect our users and gives us the opportunity to address security issues appropriately.