How to disclose
Step 1.Include the following information in your report.
- Code or proof of concept so we can reproduce the vulnerability
- Description of the vulnerability
- Your name/handle: In order for us to give you proper recognition if you wish.
Step 2. Use the following PGP key when submitting sensitive information.
PGP: 4B40 A37E D0BB 0775 EA91 0A31 684B DEA7 EF01 480E
After your submission, we will follow up with you as part of the review process. Once we have determined that you have found a security bug, we will give you recognition for your work as part of our “Hall of Thanks” (if you desire) and allow you to claim your bounty reward.
- We do not reward bug bounties for vulnerabilities found in third party services. Please report these issues directly to the relevant service.
- We typically do not reward bug bounties for products or services that we do not sell or offer yet (such as beta devices) or for products or services that we no longer support (after their end-of-life). However, please still submit any vulnerabilities you find. We may consider paying out a reward regardless.
Please read the details for full requirements on how to be eligible for the bug bounty program.