Skip to main content
Bug Bounties and Vulnerability Reports

Bug Bounties and Vulnerability Reports

Mica Manson avatar
Written by Mica Manson
Updated over a year ago

Reporting a vulnerability

We accept vulnerability reports at this form. Reports may be submitted anonymously.

We do not accept reports via email.

By submitting a vulnerability, you acknowledge that you have no expectation of payment and that you expressly waive any future pay claims against Fons related to your submission.

What we would like to see from you

In order to help us triage and prioritize submissions, we recommend that your reports:

  • Describe the location the vulnerability was discovered and the potential impact of exploitation.

  • Offer a detailed description of the steps needed to reproduce the vulnerability (proof of concept scripts or screenshots are helpful).

  • Are written in English, if possible.

What you can expect from us

When you choose to share your contact information with us, we commit to coordinating with you as openly and as quickly as possible.

  • To the best of our ability, we will confirm the existence of the vulnerability to you and be as transparent as possible about what steps we are taking during the remediation process, including on issues or challenges that may delay resolution.

  • We will maintain an open dialogue to discuss issues.

Did this answer your question?