We accept all critical and high severity reports when evaluated against the Common Vulnerability Scoring System (CVSS), version 3.1. A web calculator is available to help determine if a vulnerability is in scope for submission. Items on the vulnerability rating taxonomy are in scope if they live in the
P2 categories. Items that are placed in
P5 are not in scope.
We may award a small "finder's fee" for issues reported through this process. However, no reward is guaranteed. Rewards are based on the severity of the issue as judged by our analysts.