As a premium publisher and technology company, Vox Media realizes the importance of security and takes its responsibility to its users extremely seriously. To that end, we have made internal efforts to help us to ensure the security of our sites and any data provided to us by our users at all times.
That said, neither our software nor the internet in which we operate is static. It's great to have users test us from time to time. We want you to feel comfortable using our sites and we want you to share any suspicions you may have with us; you would be doing us a service if you let us know that we overlooked something.
- Investigation Rules
When investigating a suspected security vulnerability, users must target their own accounts. Unauthorized access of another user's account or private data is forbidden.
Do not use automated testing tools or initiate attacks that could impact the reliability or integrity of our services (port scanning, fuzzing, denial of service attacks, etc).
Investigation should be limited to services on Vox Media domains. Targeting our third party vendors is not allowed.
Violations of these rules will result in account suspension and/or IP banning.
- Reporting Suspected Vulnerabilities
All vulnerabilities or security concerns should be reported by email to firstname.lastname@example.org
. We encourage the use of our PGP key
to send encrypted mail.
Please provide as detailed an explanation of the vulnerability as possible (including reproduction steps and/or examples), so that we can evaluate and respond as quickly as possible.
- Our Response
The product team will review the submitted report, and create a case in our issue tracking system. You will receive a response via email within 24 hours outlining the next steps in the process and regular updates from us as we investigate and/or fix the issue.
To protect our users, we ask that you not publicly discuss the issue until we have addressed the reported vulnerability.
© 2021 Vox Media, LLC. All rights reserved.