Reporting Security Issues

We support the security research community and welcome reports of vulnerabilities in our systems. We do not prosecute people who discover and report vulnerabilities to us. Keeping customer data safe and secure is a huge responsibility and a top priority. We work hard to protect our customers from the latest threats. Your input and feedback on our security is always appreciated.

Reporting security problems

Send urgent or sensitive reports directly to security@knowyourteam.com. Use our public key to keep your message safe and please provide us with a secure way to respond. We'll get back to you as soon as we can, usually within 24 hours. Please follow up if you don’t hear back. For requests that aren’t urgent or sensitive: submit a support request.

If you are new to PGP, you can run the following command to encrypt a file called "message.txt":

Receive our keys from the key server:


        gpg --keyserver keys.openpgp.org --recv-keys 48BD3343DDF1E7B9
      

Encrypt a "message.txt" file into "message.txt.asc":


        gpg -ea -r 48BD3343DDF1E7B9 message.txt
      

Send us the resulting "message.txt.asc"

Tracking and disclosing security issues

If you submit a report, here’s what will happen:

  • We’ll acknowledge your report & tell you the best way to track the status of your issue.
  • We’ll investigate the issue and determine how it impacts our products. We won’t disclose issues until our investigation is finished, but we’ll work with you to ensure we fully understand the issue.
  • Once the issue is resolved, we’ll post a security update here along with thanks and credit for the discovery.

Please note, Know Your Team does not offer a bug bounty program or compensation for disclosure.

Recognition

We respect the time and talent that drives new discoveries in web security technology. The following researchers and companies have gone out of their way to work with us to find, fix, and disclose security flaws safely:

  • Muhammad Hammad - recognized for reporting a cross site scripting vulnerability.
  • Ayaz - recognized for reporting Missing SPF.