Vulnerability Disclosure

Vulnerability Disclosure

The policy for receiving vulnerability reports.

This page explains how security researchers and reporters can disclose vulnerabilities responsibly.

Good-faith reports

Good-faith reports that are made with care for user safety and without unnecessary impact are welcome.

What to include

Please include the affected target, reproduction steps, expected impact, and whether data exposure or account risk is involved.

Safe-harbor intent

If the work stays within reasonable bounds, avoids privacy violations, and is clearly intended to resolve a problem, that intent will be taken seriously.

Cryptographic communication

This section points to the keys used for contact and verification.