How to Submit a Vulnerability
Email vulnerability reports to Encord’s Product Security Team at security@encord.com.What We Prioritize
To help us triage and resolve your report effectively:- Well-written reports in English have a higher probability of resolution
- Proof-of-concept code equips us to better understand and triage the vulnerability
- Clear context: Explain how you found the bug, its impact, and potential remediation steps
- Disclosure plans: Let us know if you have any public disclosure timeline or intentions
What You Can Expect From Us
- Response within 2 business days to acknowledge receipt
- Transparent communication on expected timeline and any challenges that may extend it
- Stage notifications as the vulnerability progresses through our review process
- Open dialog to discuss the issue
- Credit once the vulnerability has been validated and fixed

