To report a security issue, please email engineering@evervault.com with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
This project follows a 90 day disclosure timeline.
Evervault pledge to:
- Take all reported findings seriously and respond to you in a timely manner
- Acknowledge and thank you once any legitimate vulnerabilities have been fixed
- Publicly disclose significant vulnerabilities
Evervault does not currently offer a bug bounty, however are appreciative of the efforts of the security researcher community.