Reporting Security Findings

At Import.io, we take the security of our systems and services seriously. We encourage responsible disclosure of security vulnerabilities that may impact the confidentiality, integrity, or availability of our products or infrastructure.

Reporting Process

If you believe you've discovered a security vulnerability in our systems or services, we appreciate your efforts in notifying us promptly. Here's how you can report security findings to our team:

Review Our Responsible Disclosure Policy

Before submitting a report, please review our Responsible Disclosure Policy to understand the scope of acceptable findings and our commitment to addressing reported vulnerabilities.

Submit a Security Report

To report a security vulnerability, please send an email to security@import.io with detailed information about the issue you've identified. Include any relevant technical details, steps to reproduce the vulnerability, and any potential impact on our systems or users.

Response and Collaboration

Once we receive your report, our security team will review the information provided and investigate the reported vulnerability. We may reach out to you for additional details or clarification as needed. We'll keep you informed of our progress and any actions taken to address the issue.

Responsible Disclosure Policy

Our Responsible Disclosure Policy outlines our commitment to working collaboratively with security researchers and members of the community to address security vulnerabilities in a timely and responsible manner. While we don't operate a bug bounty program, we recognize the value of security research and may consider offering bounties for certain critical findings on a case-by-case basis. We consider to be critical those vulnerabilities that pose a severe risk to the confidentiality, integrity, or availability of our systems or user data. Examples include RCE, authentication bypass, and critical data leakage vulnerabilities.

Legal Considerations

Please note that any security testing or research activities should be conducted in accordance with applicable laws and regulations. Unauthorized access to or exploitation of our systems may be considered illegal and could result in legal consequences.

Contact Information

For questions or concerns about our security reporting process, please contact our security team at security@import.io.

‍