Amino understands the importance of security of our products and we believe that the responsible disclosure of any security vulnerabilities identified by security researchers plays an important role in this.
Amino accepts vulnerability reports from all sources including independent security researchers, industry partners, vendors and customers. We define a vulnerability as a flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy.
Amino ask security researchers to share details of any suspected vulnerabilities via email to firstname.lastname@example.org. If you feel the need, please use our PGP public key to encrypt your communication with us.
At a minimum please include the following information with your initial submission:
Amino will acknowledge submitted reports within 3 working days. Amino asks that all parties respect a 90 day hold-off period before making full disclosure.