Skip to main content

How to Submit a Vulnerability

Email vulnerability reports to Encord’s Product Security Team at security@encord.com.

What We Prioritize

To help us triage and resolve your report effectively:
  • Well-written reports in English have a higher probability of resolution
  • Proof-of-concept code equips us to better understand and triage the vulnerability
  • Clear context: Explain how you found the bug, its impact, and potential remediation steps
  • Disclosure plans: Let us know if you have any public disclosure timeline or intentions
Lower priority may be given to reports that include only crash dumps or automated tool output, or vulnerabilities outside our initial scope.

What You Can Expect From Us

  • Response within 2 business days to acknowledge receipt
  • Transparent communication on expected timeline and any challenges that may extend it
  • Stage notifications as the vulnerability progresses through our review process
  • Open dialog to discuss the issue
  • Credit once the vulnerability has been validated and fixed
If we encounter communication issues or other obstacles, we may bring in a neutral third party to help resolve how best to proceed.