VDP Platform

Public Security Program

Security research with clear rules and safe harbor protection

Responsible disclosure helps us protect users faster. Review scope and policy requirements, then submit findings through a secure workflow.

48h initial triage target Non-bounty recognition model Safe harbor policy active
Submit Report View Program Policy See researcher recognition

Initial triage

48h

Operational target for first review.

In-scope assets

N/A

Actively published testing targets.

Hall of Fame

N/A

Researchers publicly recognized.

Program model

Non-bounty

Recognition, badges, and impact visibility.

Step 1

Read policy and scope

Verify target eligibility and testing constraints before any probing.

Step 2

Submit technical details

Provide reproducible steps, impact, and evidence for validation.

Step 3

Track progress securely

Receive updates through researcher access verification and thread messaging.

Safe Harbor Highlights

Test only in-scope assets and avoid destructive techniques.

Research in good faith is treated as authorized under this policy.

Report issues through the official submission workflow.

Allow remediation time before any public disclosure.

Read full safe harbor policy

Legal highlights

Social engineering and physical security testing are prohibited.

DoS, high-volume scanning, and out-of-scope testing are not allowed.

Do not retain sensitive data beyond what is needed to demonstrate impact.

Coordinate disclosure with the security team first.

Review complete legal policy

Scope snapshot

Confirm your target is in scope before testing.

Open full scope

Frequently asked before submission

Can I test third-party integrations?

No. Testing is authorized only for assets explicitly listed in scope.

Are monetary rewards guaranteed?

No. This VDP uses non-bounty recognition through Hall of Fame listings and badges.

How do I receive updates after reporting?

You can verify researcher access and continue communication in the report thread portal.

Top recognized researchers

Live leaderboard preview

Recognition list will appear as validated reports are published.

Open Hall of Fame

Found a vulnerability?

Submit a clear, reproducible report. Include affected asset, impact, and validation steps to speed up triage.

Submit Report Review Policy First

VDP Platform

Security research conducted in good faith helps keep our users safe.

Navigate

Home Program Policy Hall of Fame Submit Report

Program Notes

Non-bounty disclosure program. Financial rewards are not guaranteed.

Testing is only authorized for listed in-scope assets.