Report a Vulnerability

Protecting our customers’ data is a responsibility that Anonyome Labs takes seriously. We recognize the valuable role that independent security researchers play in Internet security. As such, we welcome reports of all security vulnerabilities in Anonyome Labs’ products or services.

Responsible Disclosure

We encourage you to follow these responsible disclosure guidelines, and request that you not disclose your finding publicly until a fix or workaround has been provided by Anonyome Labs. Please send your report via email to security@anonyome.com.

Vulnerability Reporting Guidelines

  1. Provide sufficient detail on the steps to reproduce the issue, any code samples you wish to share, applicable screen capture or video, sample packet capture and other details that could facilitate our identification and verification of the problem.
  2. You can use the PGP key at the bottom of this page to encrypt sensitive information.
  3. Do not publicly share information related to the vulnerability until Anonyome Labs has released a fix.
  4. Allow a reasonable timeframe for Anonyome Labs to address the vulnerability and release a fix. Specific timeframes will be estimated during our assessment of your report.

Anonyome Labs’ Commitment to You

  • We will acknowledge your report within 24 hours of when we receive it.
  • We will work closely with you to understand your report and validate the security vulnerability you are disclosing. We will aim to provide you at least one update per week.
  • The information you share with Anonyome Labs as part of this process is kept confidential within Anonyome Labs. It will not be shared with third parties without your permission.
  • We will notify you when the vulnerability has been resolved and a release plan has been determined.
  • If we cannot validate and reproduce the issue in your report, this will also be communicated to you.
  • We will publicly acknowledge your responsible disclosure if you wish. We also respect your right to anonymity if you prefer.
  • If applicable, Anonyome Labs will coordinate public notification of a validated vulnerability with you. When possible, we would prefer that our respective public disclosures be posted simultaneously.

For the protection of our customers, Anonyome Labs does not disclose, discuss, or confirm security issues until a full investigation is complete and any necessary patches or updates are available.

PGP Public Key

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFnTV/gBEAC7ORhL6LWj7OkLV/Sm4hd3+5/Qv7Wto1o/iGr/vAb20GO7tjED
0KPEq+8/fI7PJIts/e0WCLzD0gcrcktBPnBIYPI+xWfFAULAKaxVt+cAV/r2AZht
H//2uNJUiQY/YXs3LqvvJyRFOJGgQCjm8XhSmZ60/gSZvufdpuMI93wJ56jJZPc3
EVRmoasBcG2eLh4F+3kVxRuFwdFDATurkZ2oZpXuQzCm3hG+dRG9bpj7xB9fYtxI
s/5NckuElcBXVq6g/wNYwKpHmlrukLz+RKz5RPFcFDRNlcQhd/aqrC8wNyID/b0G
5mRV22wQzSc/zk5K/GhelgoaqgNRNgo9Y1E7nfpaP8Jwo194tzzMncAq4swAXdMc
F+9+08aZzdUWnJCaJ0Mjx+kPt19/FBKJDgpqUtdMxnBF1yIATrm4TCXA7fDX27MN
wkf1hmjED+DLqsE1UtuwwGA5w4yDWhuH+lbeMydbz5ODv1f4SKyBQGiypibFTmtV
dLmFDez1awsouuioT10t/yb7k6j/hSxuWY5arkpatzmk7+UhVz/d0YMNERccq46k
RV7gU+oIEfjZPUaaZO3Vkl6pI+NSPF59fb1Y6bj/KSK4lsLidWw5tabHWXEogoO3
/f0fHtMFZPExr6/4Lj3qL/gplnI9LE6B4VgJVvPRRF6VuD2LOyjDnZ9WuQARAQAB
tEFBbm9ueW9tZSBTZWN1cml0eSBWdWxuZXJhYmlsaXR5IFJlcG9ydGluZyA8c2Vj
dXJpdHlAYW5vbnlvbWUuY29tPokCVAQTAQoAPgIbAwULCQgHAwUVCgkICwUWAgMB
AAIeAQIXgBYhBNrpJpqcfAw2ZbG9a3V2zeagZSbsBQJj0EepBQkNMAd4AAoJEHV2
zeagZSbskQ8QAJQi9yM3OQL0tfbPDsDretz72/xy85FHizoetY4TLtEXqiBUi+E9
dzdjpkoQDsIBTjcHSCBzsvBJ5sYZErbt/cCLmAj3jXe628u6QTc6ZEscuxiOz29t
/Zq9R73AsU3MbAytaXYjOt9jCfyvxo4mx2wuiDTvAxO+kRMadlGaV+WdyV9nuzTf
FFGcpMe9p2w/Yn9NsQcR3kzBLJCux8vYYDdmSIzyDxCAMwZw+KKRS2o6fWh3EqMw
Cdnvg+UC47JDyrEdeK3/2STck83AjgI3NIx+rzjEz5lVGy1ENLzZtDXPMcRqRu+n
jdLblqRDTGhwg68IaY03rZGE6lUDQXRTGp7ytIg22QHjvXwEqgl9wlQxBjmLWsk6
mofhDCkm/vGTXKkKFW7JzJWaRSCyDaa1Cu3VYhP+cbMHJOIWedpRTqaH5+kifULA
REYplmLcxPkKk8nm8o/Eozzc4ZLWulPwN6+bewhE4/ZHSQQhelKhBvHnSlbGeAjv
+EfZf32WZrsvTXK8Ug8wjGLk9K9HLdynbebEwf8/+GPCKSosVyzmdFXWLkja9WGf
/MW06I11dTxu2jD0yXRqP4MDqHTkuTh25HgUJrZhrLXDVBphbAbDrCLSjU13LKBw
gbgAYQZvLVHgepSMlxBmazOzsdhl9/47ap/ISJfSn2Jo//1tLjrwsZeEuQINBFnT
V/gBEAC6kWJX5+XBUU5kJVwXLGd6AgKFS9FnjhKDKJsj3q6KST86B/8kkJW1QQ5Q
spXmMV0F0WHgNJ47dIFWrcKwscF2WcnyIfbG4w0hQAkATEi8RcDiWz+8OZxNOFJl
9CNYQHQjSbV3sJmvMMbMGjwN9esCnfxUXrzB9m/WIoy2DP1FGR9ZRbvJ5kiZI5E4
8n2QCz1PSHsJU2OY3a1gtOMO3au10ni5qCVKglboVBhUYw7nJhSDaM+WQHMPUj/a
v0Bgb5+plIkTQgo9IXFUx3ChX+Qohuntvn7jGUpF9/JrPVF9A4Bvp/XUadYTzjwV
3BvmvGSBsfoAor5zAgIsY0YabgCDtf2Qo7kUOwgFWKlPCBDR7d7UsFvcRRBtsIbl
ulR1sriAvMnZrmdz4MRictZ5cHT4/Z15D9mN/owJ2Rtg2GT1q5hsm70z9Rm1ILaU
xP4YA6opsk5zFk9b7NNHBJ9r4X8MaCYjI9Yoph0uSpSepI6skWfyzCN6Nc6xTfqs
BC8ZbesXofZuvQnjQFB90MFCtKubjE0CexeruOyTsTtmhAm/bq3ofyObxn125A+Y
EXomTVZ8zGzNiVUeZNPT5ZafoC0Vb0Q7fPzutFIfXJjLpAiA7uWnk44J1DA12hdF
06FSeJ5rNlXUiwHJQXJ9NncB9LpMPt0hQNatvP2drrqAiFY4EwARAQABiQI8BBgB
CgAmAhsMFiEE2ukmmpx8DDZlsb1rdXbN5qBlJuwFAmFec4sFCQtNgpMACgkQdXbN
5qBlJuyKxQ/+PuxqvF48m3yYSPYmQXGxW4leLlktpjyUzlIHm+tA5Rf++bhBWLrx
JWNRu/wIEZOi6Fp+dCJ0pWn00IPh+Ex/HUBht0x1jtkE/beY0btcwJj2DLzsdE7P
V+iv+fH5ZtU/ThP6FtgXZrjtqS+770OSFi6QZAq33fqmz0S6jU8KWHjrqdw5vKoa
mpSDli1r2T8OcCiPnQ6c1shPQl2F79vpWrtJpxmv97W95bfaIGLykPeaZ0FmS8kT
3H0082cRHZuABu+/7US/oDvTbUU+Pavo64JEo4Y5v4iHR2K8ucl/hVAXfHIR9bWv
LBHLOE8L357i47xJhaOLMY9K63dOkjmOXctctnMSS5BqdnTY3AvYcn11Eqf/KQZr
xP7tuOGzIyAvOJj7f43Yf32suh5yTN6VkJIdOKSzyXtv0bFK44MgEI0Opl8P2VZO
sJyMVNuk8UkvrI/gtkZV98u+vL4DhIn/r6HpoZ5QgA8ZQUafhNmn/Ie6NFjK/FcM
EkOjoLifcXbstRAVg5aN3kQpITWOhh/n1zEgcOhECzhvJgEjDH1j5rBE2/JoVuMO
27IZk8tYYp2HdOeHVzBNXMKKq1MvjErW7XsCmwJv8R6pbmxMBzntF5N6xTJt6Bm2
EhdKVe/W5IBPwB4dJad+E/nHqA6WoHOCFRRD78/hGpWi0E4an9TA8WQ=
=PP0E
-----END PGP PUBLIC KEY BLOCK-----