Bug bounty

We have decided to discontinue our bug bounty program effective immediately.

Over time, the program has increasingly attracted a high volume of low-quality submissions, including reports generated by automated scanners, AI-produced or templated content, and issues that are not relevant to our systems. Many submissions also demonstrate a lack of understanding of the reported findings, and in numerous cases, follow-up communication is ignored or not meaningfully addressed.

This has significantly reduced the effectiveness of the program and diverted resources away from addressing legitimate security concerns.

We appreciate the efforts of researchers who have contributed valid and thoughtful reports in the past. However, given the current signal-to-noise ratio, continuing the program is no longer sustainable.

Security remains a priority for us, and we will continue to invest in internal and alternative approaches to ensure the integrity of our systems.