If you wish to report a security vulnerability, we ask that you follow the following process.
Visit our Responsible Disclosure Policy and you can report a security vulnerability by filling out the form on that page.
If you are unable to access the form, you can also report a security vulnerability by sending an email to [email protected].
If you send us an email, please provide the following information:
- PROJECT: A URL to project's repository
- PUBLIC: Please let us know if this vulnerability has been made or discussed publicly already. If so, please let us know where.
- DESCRIPTION: Please provide precise description of the security vulnerability you have found with as much information that you are able and willing to provide.
Please send the above info, along with any other information you feel is pertinent to: [email protected].
In addition, you may request that the project provide you a patched release in advance of the release announcement. However, we cannot guarantee that such information will be provided to you in advance of the public release and announcement. The Open Source Community Manager will email you at the same time the public announcement is made.
The HiddenLayer Open Source Community Manager will let you know within two business weeks whether or not your report has been accepted or rejected. We ask that you please keep the report confidential until we have made a public announcement.