We absolutely do. If you see something that you think represents a security vulnerability or issue, please firstname.lastname@example.org. We appreciate insights and suggestions, but do not provide financial compensation.
Does this mean you don't engage external security services and advice?
Absolutely not. Rather than support ad hoc bug reports via a bounty program, we work with a range of external vendors - choosing who to engage with, the financial rewards of engagement and ensuring that the work of these specialists doesn't disrupt our paying clients.
How helpful was this page?
4.2 (Based on 19 ratings)