Responsible Disclosure

Responsible Disclosure Policy

Security is a top priority for Onfido and we value the work done by researchers in improving the security of our products and services. We encourage responsible vulnerability research and disclosure and if you discover a vulnerability in any of our systems, please let us know about it so we can address it as quickly as possible. We are committed to working with the community to verify, reproduce, and respond to all the submissions in a timely manner.

Our full policy can be found at the following URLs:

• https://onfido.com/company/responsible-disclosure/
• https://vdp.onfido.com/

Reporting a Vulnerability

If you believe you’ve discovered a security vulnerability, please let us know by submitting a report at https://vdp.onfido.com/p/Send-a-report

Onfido highly appreciates the efforts made by the reporting party in identifying the vulnerability or error. Reporting of such vulnerabilities and errors will contribute to improving the security and reliability of our product and services.

Bug Bounty

Onfido currently operates a private bug bounty on YesWeHack platform. If you want to actively participate in the program, please let us know and contact us at bugbounty@onfido.com. See here for more information.

Contact

Please submit the vulnerability report at https://vdp.onfido.com/p/Send-a-report. If you aren’t sure whether a system or an issue is in scope or not, contact us at bugbounty@onfido.com.