Include as much information as possible, including what you did, what happened and what you think the potential impact may be. Include any tools used, including versions.
Provide reproducible steps
Clear instructions allow us to reproduce the issue and fix it more rapidly.
Report in a timely manner
Please report the vulnerability as soon as reasonably possible.
Do not exploit
Investigating vulnerabilities is fine, but don't use them to attack others, or to access, delete or modify others' data.
Do not disrupt
Our services and the wider Internet should not be disrupted in the course of your research.
If you believe you've found a security vulnerability, please send it to us by emailing support@getfernand.com. Include the word 'SECURITY' in the subject line and we'll take the following steps:
Acknowledge your email within 48 hours
Investigate the issue and confirm the vulnerability
Address the vulnerability within a reasonable timescale
We take all reports of potential security vulnerabilities seriously and will respond swiftly to fix verifiable security issues. We do not offer monetary rewards for vulnerability reports, but we will provide a written acknowledgement of your efforts, if you're the first to report the issue.