Responsible Disclosure

The proper procedure for reporting security issues with care.

Report a security issue

We take user security very seriously. If you should discover a potential security concern in Rainway, do not communicate it to us in public.

Instead, follow these steps:

  1. Write an email detailing the precise nature of the vulnerability.
  2. Encrypt your message with our PGP public key.
  3. Send it to [email protected].

We will respond to you as soon as possible, likely within 24 hours. If we have any further questions, expect a response back.

We encourage everyone interested in submitting a disclosure to read the IETF's "Responsible Vulnerability Disclosure Process" and follow the guidelines and principles within.

Depending on the severity and scale of the vulnerability, you may (at your discretion) be recognized for your work. We are not offering monetary compensation at this time. All reports are subject to a 30 day embargo for user safety.