We deeply appreciate any effort to discover and disclose securityvulnerabilities responsibly. The Pion organisation does not operate a bugbounty program or offer monetary rewards for vulnerabilities, but we doacknowledge individuals and organisations in our security bulletins.
We take all security vulnerabilities seriously, but as this project is entirelyvolunteer driven we may not be able to respond to issues in as timely a manneras we would like. We make a good faith effort to respond to reports within 72hours.
If you would like to report a vulnerability in a component under the Pionumbrella please email:
security [at] pion [dot] ly