Vulnerability Disclosure Program Scope and Safe Harbor Statement
Anthology appreciates and values the contributions of our customers and of security researchers in improving the security of our products and service offerings. We encourage the responsible disclosure of any vulnerabilities that may be found in Anthology’s systems via this form.
Provided that the guidelines on this page are followed, Anthology provides safe harbor for researchers and will not initiate or recommend legal action for such testing. If a third party initiates legal action in such a case, we will, upon request, confirm our safe harbor decision.
Submission Guidelines
Thank you for your report. Please follow these submission guidelines to help us process your report as efficiently as possible.
- This form should only be used to submit reproducible vulnerabilities found in Anthology systems.
- Provide sufficient detail to reproduce the vulnerability, including proof of concept. Results of automated scanners cannot be accepted.
- Report potential security issues in a timely manner after discovery.
- Redact any personal information before reporting.
- In accordance with responsible disclosure practices, please do not disclose an issue to the public or any third party until Anthology has (within a reasonable time period) confirmed to you that we have resolved the vulnerability and deployed the fix to all customers.
Contact Information
We accept anonymous submissions. However, without your contact information we will not be able to provide you with updates, or recognition on our Security Hall of Fame page.
If you responsibly submit a vulnerability report including contact information, Anthology will use reasonable efforts to respond in a timely manner confirming that we received your report, and to notify you when the vulnerability has been fixed.