We deeply appreciate any effort to discover and disclose security vulnerabilities responsibly. The Pion organisation does not operate a bug bounty program or offer monetary rewards for vulnerabilities, but we do acknowledge individuals and organisations in our security bulletins.

We take all security vulnerabilities seriously, but as this project is entirely volunteer driven we may not be able to respond to issues in as timely a manner as we would like. We make a good faith effort to respond to reports within 72 hours.

If you would like to report a vulnerability in a component under the Pion umbrella please email:

security [at] pion [dot] ly