Reporting security issues

Security researchers and ethical hackers are essential partners in keeping App2 secure. Discovered a vulnerability? Contact security@app2.dev and we'll guide you through our coordinated disclosure process with detailed submission guidelines.

Privacy Protected

Your research and personal information remain completely confidential throughout our security review process.

Ethical Collaboration

We partner with security researchers using industry-standard coordinated disclosure to protect all users.

Rapid Remediation

We prioritize security fixes and work urgently to patch vulnerabilities while keeping you informed throughout.

Security Vulnerability Guidelines

We appreciate the security research community's efforts to make App2 safer. When reporting security issues, please follow these guidelines to ensure effective and responsible disclosure:

What to Include in Your Report

  • Detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact and exploitation scenarios
  • Any proof-of-concept code or screenshots
  • Your contact information for follow-up
  • Suggested remediation steps (if applicable)

Types of Security Issues We Address

  • Authentication and authorization bypasses
  • Data injection vulnerabilities (SQL, XSS, etc.)
  • Remote code execution vulnerabilities
  • Privilege escalation issues
  • Sensitive data exposure
  • Cross-site request forgery (CSRF)
  • Security misconfigurations
  • Business logic vulnerabilities

Our Commitment to Security Researchers

When you work with us on security issues, we commit to:

  • Respond to your report within 72 hours
  • Provide regular updates on our investigation
  • Work with you to understand and resolve issues quickly
  • Recognize your contribution (with your permission)
  • Maintain confidentiality and handle reports professionally

Safe Harbor

We consider security research conducted under this policy to be authorized conduct under the Computer Fraud and Abuse Act, the DMCA, and applicable anti-hacking laws such as Cal. Penal Code 502(c). We will not initiate a lawsuit or law enforcement action against you in response to your research.

Please Do Not

  • • Access or modify data that doesn't belong to you
  • • Disrupt our services or degrade user experience
  • • Publicly disclose issues before we've had time to address them
  • • Perform testing on our production environment with real user data

Found a security vulnerability?

Report Security Issue

All security reports are handled confidentially and will receive a response within 72 hours.