Security & Vulnerability Disclosure Policy

Security

We’re working hard to make sure that our software is secure. If you find any vulnerability due too our implementation, please let us know. If a vulnerability is due to one of our software libraries that is using a current release, please let the respective open-source project know (though, we’d also like to know too).

Vulnerability Disclosure Policy

Please send us an email to [email protected] with details. Feel free to do so from an anonymous account. Provide as many details as you can and, in particular, the information required to reproduce the bug or vulnerability. If you have shared permanent contact information, we will get back to you within 48 hours or when we have reproduced the bug, whichever is sooner. We do not currently have a PGP key setup, however, this is something we expect to setup in the near future.

Acknowledgments

If you would like to be listed in our Security Acknowledgements for your security disclosure, let us know the details of how you would like to be listed when you submit your disclosure (e.g. name, handle, portfolio site, or any other relevant details).