After you submit a vulnerability report, the following steps will occur:
- Acknowledgment: We will promptly acknowledge receipt of your report and may request additional information if needed.
- Triage: Our security team will review and triage the report to assess the severity and impact of the vulnerability.
- Investigation: We will work to understand and validate the vulnerability. Our team may reach out to you for further clarification or to gather more details.
- Remediation: Once validated, we will work on a fix or mitigation for the vulnerability. We strive to address reported issues in a timely manner.
- Updates: We will keep you informed about the progress of your report and the remediation status.
- Recognition: If the report is eligible for a bounty, we will determine the reward based on the severity and impact of the vulnerability.
Please note that vulnerabilities reported that are already known or do not meet our criteria may not qualify for a bounty.