Report a Vulnerability

Reporting a Security Vulnerability

Protecting our customers’ data is a responsibility that Anonyome Labs takes seriously. We recognize the valuable role that independent security researchers play in Internet security. As such, we welcome reports of all security vulnerabilities in Anonyome Labs’ products or services.

Responsible Disclosure

We encourage you to follow these responsible disclosure guidelines, and request that you not disclose your finding publicly until a fix or workaround has been provided by Anonyome Labs. Please send your report via email to security@anonyome.com.

Vulnerability Reporting Guidelines

1 Provide sufficient detail on the steps to reproduce the issue, any code samples you wish to share, applicable screen capture or video, sample packet capture and other details that could facilitate our identification and verification of the problem.

2 You can use the PGP key at the bottom of this page to encrypt sensitive information.

3 Do not publicly share information related to the vulnerability until Anonyome Labs has released a fix.

4 Allow a reasonable timeframe for Anonyome Labs to address the vulnerability and release a fix. Specific timeframes will be estimated during our assessment of your report.

Anonyome Labs’ Commitment to You

  • We will acknowledge your report within 24 hours of when we receive it.
  • We will work closely with you to understand your report and validate the security vulnerability you are disclosing. We will aim to provide you at least one update per week.
  • The information you share with Anonyome Labs as part of this process is kept confidential within Anonyome Labs. It will not be shared with third parties without your permission.
  • We will notify you when the vulnerability has been resolved and a release plan has been determined.
  • If we cannot validate and reproduce the issue in your report, this will also be communicated to you.
  • We will publicly acknowledge your responsible disclosure if you wish. We also respect your right to anonymity if you prefer.
  • If applicable, Anonyome Labs will coordinate public notification of a validated vulnerability with you. When possible, we would prefer that our respective public disclosures be posted simultaneously.

For the protection of our customers, Anonyome Labs does not disclose, discuss, or confirm security issues until a full investigation is complete and any necessary patches or updates are available.

PGP Public Key

Sensitive data in your report can be encrypted with this public key.

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFnTV/gBEAC7ORhL6LWj7OkLV/Sm4hd3+5/Qv7Wto1o/iGr/vAb20GO7tjED
0KPEq+8/fI7PJIts/e0WCLzD0gcrcktBPnBIYPI+xWfFAULAKaxVt+cAV/r2AZht
H//2uNJUiQY/YXs3LqvvJyRFOJGgQCjm8XhSmZ60/gSZvufdpuMI93wJ56jJZPc3
EVRmoasBcG2eLh4F+3kVxRuFwdFDATurkZ2oZpXuQzCm3hG+dRG9bpj7xB9fYtxI
s/5NckuElcBXVq6g/wNYwKpHmlrukLz+RKz5RPFcFDRNlcQhd/aqrC8wNyID/b0G
5mRV22wQzSc/zk5K/GhelgoaqgNRNgo9Y1E7nfpaP8Jwo194tzzMncAq4swAXdMc
F+9+08aZzdUWnJCaJ0Mjx+kPt19/FBKJDgpqUtdMxnBF1yIATrm4TCXA7fDX27MN
wkf1hmjED+DLqsE1UtuwwGA5w4yDWhuH+lbeMydbz5ODv1f4SKyBQGiypibFTmtV
dLmFDez1awsouuioT10t/yb7k6j/hSxuWY5arkpatzmk7+UhVz/d0YMNERccq46k
RV7gU+oIEfjZPUaaZO3Vkl6pI+NSPF59fb1Y6bj/KSK4lsLidWw5tabHWXEogoO3
/f0fHtMFZPExr6/4Lj3qL/gplnI9LE6B4VgJVvPRRF6VuD2LOyjDnZ9WuQARAQAB
tEFBbm9ueW9tZSBTZWN1cml0eSBWdWxuZXJhYmlsaXR5IFJlcG9ydGluZyA8c2Vj
dXJpdHlAYW5vbnlvbWUuY29tPokCVAQTAQoAPhYhBNrpJpqcfAw2ZbG9a3V2zeag
ZSbsBQJZ01f4AhsDBQkHhh+ABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEHV2
zeagZSbsh1EQAKVlkhmhjDlb44VPElQuPQQLjElNaRX6nkgGIrevdUHjOg2SZ/ur
FQC8liJiSqT4QTVZhdZ4B8WN6z/UL4X8cR7am9uwihkLBnLRd+Z/uyB+44msIFnb
Esl5TVtyNJmnLW6/wyIfIpiJiKbW3ongbdKD/FYGKRm25KiPWoXx7uaFRa37JGhX
+tidzoLBRaBtDUzds8rYahABLlbWLyelx51xoh6WHgE2zmNa4tMsrB54qBoTWFCt
EWAq133aidBbK0/iwnHSE34NcumOGaymbhsHJOk/0rwbJ+fA9xa6BFmBXRY/OMGL
3YESzBSODe4ecLayyLYRR10qsNCIzge8zOsU6KqObAeB3gqHYDvUumo4cluYL0/v
e/o5IxXtiQQv5COiKv393iwzGhXE9Wngm/B3i38EKOC/4f7ZPDfE3YSGnW58d3Dz
kRr0hJe+y6rCAXWPUsSCyIwwSAYED4JpJN/ZqJjP61wVS/a2PH9tQ6huEXOqYpNe
OMXX+fa3rfCTphwhtdqic+TgW91nl3I39aDNt/ban+oplUu3YmmKo7fHnOu9vlSR
fJOe1lFKYY5auLRNkXzKVAamiz3tjC7/GdHzS2H+2BJWyQdmEwxzFXx5rrtnJSgv
x/dplBMN/aNFszbjgBFUGc4reGTcRK8o2K9IyIZ56NpCWg4AAJ+2cnAnuQINBFnT
V/gBEAC6kWJX5+XBUU5kJVwXLGd6AgKFS9FnjhKDKJsj3q6KST86B/8kkJW1QQ5Q
spXmMV0F0WHgNJ47dIFWrcKwscF2WcnyIfbG4w0hQAkATEi8RcDiWz+8OZxNOFJl
9CNYQHQjSbV3sJmvMMbMGjwN9esCnfxUXrzB9m/WIoy2DP1FGR9ZRbvJ5kiZI5E4
8n2QCz1PSHsJU2OY3a1gtOMO3au10ni5qCVKglboVBhUYw7nJhSDaM+WQHMPUj/a
v0Bgb5+plIkTQgo9IXFUx3ChX+Qohuntvn7jGUpF9/JrPVF9A4Bvp/XUadYTzjwV
3BvmvGSBsfoAor5zAgIsY0YabgCDtf2Qo7kUOwgFWKlPCBDR7d7UsFvcRRBtsIbl
ulR1sriAvMnZrmdz4MRictZ5cHT4/Z15D9mN/owJ2Rtg2GT1q5hsm70z9Rm1ILaU
xP4YA6opsk5zFk9b7NNHBJ9r4X8MaCYjI9Yoph0uSpSepI6skWfyzCN6Nc6xTfqs
BC8ZbesXofZuvQnjQFB90MFCtKubjE0CexeruOyTsTtmhAm/bq3ofyObxn125A+Y
EXomTVZ8zGzNiVUeZNPT5ZafoC0Vb0Q7fPzutFIfXJjLpAiA7uWnk44J1DA12hdF
06FSeJ5rNlXUiwHJQXJ9NncB9LpMPt0hQNatvP2drrqAiFY4EwARAQABiQI8BBgB
CgAmFiEE2ukmmpx8DDZlsb1rdXbN5qBlJuwFAlnTV/gCGwwFCQeGH4AACgkQdXbN
5qBlJuzI3Q//S5HrEIZArLFlvN9zTwWChKAd/mm6/IixQ6xVeunoCxfy7HR5mrOp
ppCpHhUS/L2znh+v1LvmxcBXmXVmp0ZZn2GdphccL0kfNogkd3m98Pb1JPHcj5We
1cRJEXTLrcgVTZha32bU3M0D2OE6rxYyuU1Hyf5WkvLdeTL8n8IWZhMCIG7ciSMH
BE7wofg9mN6Ya5tU74pdBsJZCVx3m4EzrZ+uFa7IMBP8usMFHN/MrK0yo+LsoazV
UWNmEPWTQW+UjVd42QiEJcU0T6VW73gqiUNzRsD6Sggg6oWZGTdlSvB8j1nUmMzH
f/4oZLJSoEx/MGumND8hHfQAvEoU2PS4YNCWZ93jqtK6V5pUWPxseNTdk9zAm6PT
FEmkbmqohCLqbQyyw5HnXRf0hI+6uyXLhdIC9JYeOBB29TbzERQ4heNGi1AIer4W
Hqh0rTAUxiFAlYYra9kjMH3IvILSOoVDmSx5Son8I9Jdr0LhxD/VG9vxHsRgOW1i
DjIu39WISzTgQtECPi6LOSYOMzngMBdO8BBuYeJClCiLer5xCpJUc+MokD33qIrv
yzQU6CBTUETgiRmKKlvMa+sdKIS5H9id14VJxqHewye+eHuRlzGEeO/PhJ0vpffm
YICRtUlWE1NZyP/jx+VuSbemYSHO+fQHrPP8WTa2pt8uK1XK0uzTm5o==FDvN
-----END PGP PUBLIC KEY BLOCK-----