Slate is committed to resolving any issues that may compromise the security of our products and services as quickly as possible. We take security vulnerabilities very seriously and protecting customer data is one of our top priorities.
If you have discovered a security vulnerability, we would appreciate it if you could keep your findings confidential and disclose the relevant information to us in a responsible manner, as described below.
If you think you’ve found a security vulnerability in Slate products, services or online platforms, please contact us immediately via email and encrypt your report with our PGP key below:
Email contact: [email protected]
PGP Key: 699b55b0
Fingerprint: 4d75 3560 c1ed 1fe8 168e af93 6cd6 5bfe 699b 55b0
Please provide as much detail as possible. In particular, we would appreciate the following:
Please also advise if you have communicated the vulnerability to CERT or other parties and provide us with any reference numbers.
Please do not:
The following items are known issues or accepted risks and are out of scope for this vulnerability reporting program:
Please maintain confidentiality and do not make your research public until we have completed our investigation and implemented patches or other mitigations.
The Slate security team will endeavour to contact you within 72 hours of you reporting the security vulnerability and keep you informed on our progress towards resolving the vulnerability. We will notify you when the security vulnerability has been patched or mitigated, and add your name to our acknowledgments page if your vulnerability is valid.
Slate would like to thank the following researchers who have helped us improve security through our responsible disclosure program: