Security is at the forefront of what we do. We make a significant effort to keep everything secure for our users, but if you happen to find parts of our code that are vulnerable please let us know ASAP so that we can address it.
The quickest way to get ahold of us is on our Gitter community channel.
These are the timeframes in which we aim to resolve any security issue, based on their severity:
| Severity | Resolution time SLO |
|---|---|
| Critical | 2 days |
| High | 5 days |
| Medium | 14 days |
| Low | 31 days |
Anyone reporting a vulnerability will be added to our credits permanently. Financial rewards are generally unavailable at this point in time but we are open to discuss compensation on a case by case basis.