Responsible Disclosure
Coordinated vulnerability disclosure programme
We recognise responsible disclosure that improves user safety. Report vulnerabilities with reproducible detail for fast triage and remediation.
RecognisedResearcher credit
CoordinatedDisclosure process
<24hInitial triage target
Severity-basedResponse priority
What to include
Reproduction steps
Provide clear, deterministic steps and affected routes or APIs.
Impact statement
Describe user risk, exploitability assumptions, and possible blast radius.
Proof material
Attach logs, screenshots, or payloads with sensitive data redacted.
Programme guardrails
No user harm
Do not access funds, data, or accounts you do not control.
Good-faith testing only
Use the minimum validation required to prove a security issue.
Collaborative remediation
Work with security engineers on patch validation and disclosure timing.
Security contact lanes