Security and reliability are critical components of VGS. So we welcome any input that helps us identify and eliminate vulnerabilities. Through this responsible disclosure policy, we hope to properly recognize your efforts to help us ensure the security of our customers.
If you believe you have found a security vulnerability that could impact VGS or our users, we encourage you to let us know right away. Please notify us at firstname.lastname@example.org. If possible, please include evidence as well as steps for reproducing the issue. We are committed to responding promptly.
If your report contains sensitive data, please use the public GPG key provided below to encrypt and email your findings to us.
To protect our users, please refrain from sharing information about any potential vulnerabilities with anyone outside of VGS. Once we have confirmed and mitigated the vulnerability we hope that you will join us in an announcement.
Finally, we ask that you follow our Vulnerability Disclosure Policy and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research.
When researching, please don't :
Thank you for helping keep VGS and our users safe!
VGS' Security Statement: https://www.verygoodsecurity.com/docs/security/security-statement
If you follow these guidelines, we promise to:
If you follow these guidelines, VGS pledges not to pursue or support any legal action related to your research.