Security Vulnerability Reporting

We report security vulnerabilities

We regularly work with parties to responsibly disclose security vulnerabilities.
Publishing information about security vulnerabilities is important, and helps protect users

If we find a security vulnerability, we will:
  • Report the issue, including a link to this page for verification purposes
  • Upon successful contact, we will wait a maximum of 60 calendar days before responsibly disclosing the vulnerability
  • If contact is unsuccessful, we will wait a minimum of 30 calendar days before responsibly disclosing the vulnerability
  • Where parties do not intend to fix the disclosed issues, we will publish the vulnerability to encourage remediation

Fixed!

We have worked with the following organisations to notify them of (and help fix) security vulnerabilities: