SECURITY DISCLOSURE

Security Researchers

A dedicated team of Shapers work round-the-clock to keep Shape’s products and customer information secure from attackers. However, we also recognize the important role independent researchers and the security community play in detecting emerging threats and new vulnerabilities. As a security-focused company, we are committed to addressing and reporting security vulnerabilities through a collaborative effort with security enthusiasts to provide the best product offerings for our users.


Guidelines for Reporting

To report a vulnerability detected in Shape’s website, IT infrastructure, or its offered products, please reach out to security@shapesecurity.com by including all relevant vulnerability details along with a descriptive set of instructions to reproduce the vulnerability found. 

We request the security community to allow us to fix any identified vulnerabilities before releasing the information publicly while adhering to the following:

Please do

Notify us before announcing the vulnerability on any public forum, both online or in-person.

please DoN'T

Exploit a vulnerability to cause potential damage or view unauthorized data, or disclose a vulnerability to others until it has been resolved.

Shape Action

Shape’s security research experts will analyze the information provided by you and will follow the responsible disclosure policy guidelines as stated in the ISO/IEC 29147:2018 policy to timely remediate the vulnerability, and provide assurance to the stakeholders involved. Appropriate remuneration will be offered in the event of a successful bug disclosure.

Shape is committed to providing best in-class security solutions and strives to foster a collaborative community with security researchers and enthusiasts. 


Stay Informed

Get all the latest news about Shape Security directly sent to your inbox.

Register Now