Reporting Security Issues on FogBugz




When you use our products, you want to know that your data is secure. The security and integrity of your data is a top concern for us. We work hard to ensure we stay on top of the latest threats so that our products—and the systems on which they run—remain up to date.




Please note that we do not have a bug bounty program, but we take security reports very seriously. We always aim to quickly address security concerns reported to us regarding our products (FogBugz, Kiln). 


Depending on the severity of the issue, we might do a special deploy or special release of our licensed software (sometimes even the same day). This makes it unlikely that the same issue will be discovered and reported by two people, but if it is, we will co-credit you on our website.


Need to Report a Security Vulnerability?


Contact us. When a potential security vulnerability is reported, it is handled with the highest priority until it is appropriately addressed.


Would you like credit for a vulnerability that you discreetly reported to us? Let us know, and we will be happy to mention you on this page.


Security Information


You can find more about the security policies for our products below:




Thanks to the following individuals for responsibly disclosing a security vulnerability in one of our products: