Mondoo values responsible disclosure to protect the security and privacy of all our users. We actively encourage respectful and non-disruptive testing and reporting of detected vulnerabilities, within the following guidelines:
- DO submit reports as soon as you are aware of an issue
- DO allow time to assess and respond to the submission
- DO respect the availability, confidentiality and privacy of our services, users and any 3rd party systems
- DO NOT attack or otherwise interfere with any account you are not the owner of
- DO NOT violate any applicable laws or regulations
- DO NOT disclose issues publicly before we've had time to assess and respond appropriately
Please submit individual reports to security@mondoo.com including a full description of the finding, how to reproduce the behavior and any supporting information. Applicable submissions will be directed to our Bug Bounty Program.