Mondoo values responsible disclosure to protect the security and privacy of all our users. We actively encourage respectful and non-disruptive testing and reporting of detected vulnerabilities, within the following guidelines:

• DO submit reports as soon as you are aware of an issue
• DO allow time to assess and respond to the submission
• DO respect the availability, confidentiality and privacy of our services, users and any 3rd party systems
• DO NOT attack or otherwise interfere with any account you are not the owner of
• DO NOT violate any applicable laws or regulations
• DO NOT disclose issues publicly before we've had time to assess and respond appropriately

Please submit individual reports to security@mondoo.com including a full description of the finding, how to reproduce the behavior and any supporting information. Applicable submissions will be directed to our Bug Bounty Program.