Report to firstname.lastname@example.org immediately with a detailed description of the issue and the steps to reproduce it. Include a supplementary video recording if you can. We are committed to addressing security issues in a timely manner and will pay a bug bounty for your responsible disclosure. If you’d like a PGP key to encrypt your message, please email us and request one.
Depending on their impact, some reported vulnerabilities may not qualify for a reward. Although we do review each Vulnerability Report individually to determine whether a vulnerability is a Qualifying Vulnerability, below are some vulnerabilities that are unlikely to be Qualifying Vulnerabilities and are hence unlikely to earn a reward: