We support the security research community and welcome reports of vulnerabilities in our systems. We do not prosecute people who discover and report vulnerabilities to us. Keeping customer data safe and secure is a huge responsibility and a top priority. We work hard to protect our customers from the latest threats. Your input and feedback on our security is always appreciated.
Send urgent or sensitive reports directly to firstname.lastname@example.org. Use our public key to keep your message safe and please provide us with a secure way to respond. We'll get back to you as soon as we can, usually within 24 hours. Please follow up if you don’t hear back. For requests that aren’t urgent or sensitive: submit a support request.
If you are new to PGP, you can run the following command to encrypt a file called "message.txt":
Receive our keys from the key server:
gpg --keyserver keys.openpgp.org --recv-keys 48BD3343DDF1E7B9
Encrypt a "message.txt" file into "message.txt.asc":
gpg -ea -r 48BD3343DDF1E7B9 message.txt
Send us the resulting "message.txt.asc"
If you submit a report, here’s what will happen:
Please note, Know Your Team does not offer a bug bounty program or compensation for disclosure.
We respect the time and talent that drives new discoveries in web security technology. The following researchers and companies have gone out of their way to work with us to find, fix, and disclose security flaws safely: