When you use our products, you want to know that your data is secure. The security and integrity of your data is a top concern for us. We work hard to ensure we stay on top of the latest threats so that our products—and the systems on which they run—remain up to date.
Please note that we do not have a bug bounty program, but we take security reports very seriously. We always aim to quickly address security concerns reported to us regarding our products (FogBugz, Kiln).
Depending on the severity of the issue, we might do a special deploy or special release of our licensed software (sometimes even the same day). This makes it unlikely that the same issue will be discovered and reported by two people, but if it is, we will co-credit you on our website.
Need to Report a Security Vulnerability?
Contact us. When a potential security vulnerability is reported, it is handled with the highest priority until it is appropriately addressed.
Would you like credit for a vulnerability that you discreetly reported to us? Let us know, and we will be happy to mention you on this page.
You can find more about the security policies for our products below:
Thanks to the following individuals for responsibly disclosing a security vulnerability in one of our products:
- Edis Konstantin - edis.konstantini
- Kamil Sevi - @kamilsevi
- Yehia Mamdouh - yehia.mamdouh.98
- Ishan Anand (Zero-Access) - zero.access999
- Sahil Saif - nullrex
- Nitesh Shilpkar - niteshshilpkar
- Monendra Sah - @mohitnitrr
- Patrik Fehrenbach - @itsecurityguard
- Noman Ramzan & Zeeshan Haider - MLT Blogs
- Adam Ziaja - @adamziaja
- Muhammad Shahmeer - Shahmeer.1994
- Jon of Bitquark - bitquark
- Tanoy Bose - TanoyBose
- Warren He
- Mithat Gogebakan and Daniel Bishtawi - Netsparker
- Sahil Mehra - Nullrex