If you find a security bug in any of our services (our website, internal tooling, API, etc.), please work with us following responsible disclosure principles and these guidelines.
If you find a vulnerability in one of our open-source projects, do not submit a normal issue or pull request in our public repository. Instead, report it directly to firstname.lastname@example.org. You should also use this email to send details about vulnerabilities in all our closed-source projects.
We will review your submission and may follow up for additional details. If you have a patch, we will review it and approve it privately; once it is approved for release, you can submit it as a pull request publicly in our repos (we give credit where credit is due), or we'll do it ourselves and keep you posted when the patch is live. We ask you not to share details with anyone until the patch is released. We will keep you informed during our investigation, and you should feel free to check in for a status update. We will release the fix and publicly disclose the issue as soon as possible, but we want to ensure we do proper due diligence before releasing.
At this moment, there is no Bug Bounty Program, but we will be happy to compensate on a case-by-case basis, especially for Pabio customers, who may receive months of free services. For major vulnerabilities, we offer cash payouts, paid to your bank account after verification.
If you have any questions, please reach out directly to us at email@example.com.
Hall of Fame