Vulnerability Disclosure Program
Researchers can report vulnerabilities directly to our PSIRT. We acknowledge new reports within five business days, support encrypted submissions, and credit researchers in CVE records.
Safe Harbor
Good-faith research conducted under our published policy is protected from legal action.
Intake Channels
Web form, encrypted email (PGP), and coordinator-to-coordinator channel for downstream CNAs.