Bug Disclosure Policy

Once we identify a bug within a piece of software, we inform the relevant vendor and allow 90 days’ notice before we publish the details of it.

The vendor will be provided with a detailed technical description of the vulnerability. We believe a 90 day notice period is a reasonable timeframe for the vendor to take remedial action and offers an incentive for them to ensure the security of their software is upheld.

Following the notice period, we disclose the details of bugs we identify to our blog: www.rootshellsecurity.net/blog