![[TEST] Document Foundation Community](https://communitytest.documentfoundation.org/images/discourse-logo-sketch.png){kind=logo}
Hi Security team,
I found a vulnerability and I want to know if I should send you the
vulnerability report through the website or through a special bug bounty
platform?
Personally, I prefer to submit reports within a platform to gain reporting
points.
Thank you.
Hi Min Di,
I found a vulnerability and I want to know if I should send you the
vulnerability report through the website or through a special bug bounty
platform?
I would prefer to write a bug description at
https://bugs.documentfoundation.org/
Regards
Robert
In case of a security vulnerability, it is better to follow the advice at <https://www.documentfoundation.org/contacts/get-in-touch/>: "To reach our security team, please drop an e-mail to security@documentfoundation.org".
Hi Min Di,
> I found a vulnerability and I want to know if I should send you the
> vulnerability report through the website or through a special bug
> bounty platform?I would prefer to write a bug description at
https://bugs.documentfoundation.org/
Obviously it wouldn't be a good idea to expose an unpatched
vulnerability on a public bug reporting site. If that is what is being
reported? Details of vulnerabilities need to be reported through some
private channel.