Please send a detailed mail to [email protected] to request to be invited in the VDP program in Bugcrowd.

It is recommended to send the report to [email protected] (and obviously not to discuss the issue anywhere else).

Examples for details to include:

• Ideally a short description (or a script) to demonstrate an exploit.
• The affected platforms and scenarios (the vulnerability might only affect setups with case-sensitive file systems, for example).
• The name and affiliation of the security researchers who are involved in the discovery, if any.
• Whether the vulnerability has already been disclosed.
• How long an embargo would be required to be safe.

Our vulnerability disclosure program is hosted through Bugcrowd and is in a closed state, if you wish to be included in the program send an email with your username to [email protected] requesting an invitation to the bounty program.