Reporting a vulnerability
We accept vulnerability reports at this form. Reports may be submitted anonymously.
We do not accept reports via email.
By submitting a vulnerability, you acknowledge that you have no expectation of payment and that you expressly waive any future pay claims against Fons related to your submission.
What we would like to see from you
In order to help us triage and prioritize submissions, we recommend that your reports:
Describe the location the vulnerability was discovered and the potential impact of exploitation.
Offer a detailed description of the steps needed to reproduce the vulnerability (proof of concept scripts or screenshots are helpful).
Are written in English, if possible.
What you can expect from us
When you choose to share your contact information with us, we commit to coordinating with you as openly and as quickly as possible.
To the best of our ability, we will confirm the existence of the vulnerability to you and be as transparent as possible about what steps we are taking during the remediation process, including on issues or challenges that may delay resolution.
We will maintain an open dialogue to discuss issues.