- Summarise the issue and its criticality Please explain in concise terms what the problem is and why you feel it is worthy of our attention. You can be as technical as you like but please use your own words, rather than link to lengthy articles on the subject. You must give an indication of the severity so that we can prioritise your request.
- Provide evidence Please include screenshots or tool output demonstrating that there is a vulnerability, and showing exactly what is at fault. It is also important that you provide enough information for us to verify the issue ourselves.
- Set our expectations State what you are expecting in return for reporting this information. Are you looking for thanks, public acknowledgement, or payment?
- Identify yourself Provide your contact details including a phone number and address, and links to your company website. Please use your real name.
We will consider your notification if you've read and followed all four of the steps above. We will not respond to notifications that appear to be system generated. Please also be aware that we do not have a formal bug bounty programme. However, we do have a vulnerability management process, so if you have identified a common, low-risk issue, there is a good chance we already know about it.