Vulnerability response
We accept all critical and high severity reports when evaluated against the Common Vulnerability Scoring System (CVSS), version 3.1. A web calculator is available to help determine if a vulnerability is in scope for submission. Items on the vulnerability rating taxonomy are in scope if they live in the P1
and P2
categories. Items that are placed in P3
, P4
, and P5
are not in scope.
We may award a small "finder's fee" for issues reported through this process. However, no reward is guaranteed. Rewards are based on the severity of the issue as judged by our analysts.