At Issuu, the security of our users and our platform comes first. If you believe that you have discovered a potential vulnerability on our platform or in any APIs, apps or Issuu service, we would appreciate your help in fixing it fast by revealing your findings in accordance with this policy.
Going public with security vulnerabilities can elevate the level of risk, so we urge you to keep such matters private until they can be addressed.
If you believe that you have found a security vulnerability on Issuu, please let us know right away via our Responsible Disclosure form.
It’s most helpful to provide as much information as possible, especially a way for us to reproduce the issue. DO NOT provide any personally identifiable information and/or credit-card data.
We will do our best to confirm receipt of valid reports by the next business day; an Issuu team member will investigate within a week and correspond with you if necessary.
Please consider the potential damage to others and don’t disclose or share your matter publicly until we have been able to investigate and respond.
We welcome information from white-hat researchers. Responsible actions and revelations regarding Issuu are not of legal concern. Nevertheless, the following actions are not acceptable and will be reported to the proper authorities:
Responsible research that reveals qualifying issues in accordance with this policy could be eligible for inclusion in our Hall of Fame. UPDATE: We are currently unable to provide any kind of swag to the researcher.
Qualifying issues include web vulnerabilities exposed during a valid attack scenario that has significant impact on our users or our platform. Examples of such vulnerabilities could be:
Issues that do not qualify include the following:
Whether an issue is indeed qualifying, and whether a reward or inclusion in our Hall of Fame is merited are decisions made at Issuu’s discretion. Only the first researcher to report a specific qualifying issue may be eligible for inclusion in our Hall of Fame, and we reserve the right to cancel this program at any time.
Here’s where we recognize the researchers that have responsibly reported a security vulnerability. Your efforts help us keep Issuu safe for millions of users, and for that we are grateful. Thank you!
If you have disclosed a security matter in accordance with Issuu’s policy and believe that your name is missing from our roster, please let us know at firstname.lastname@example.org.