Vulnerability Disclosure

Last updated December 10th 2021

At Shortwave, we believe that great products require stellar security. No software is perfect and sometimes vulnerabilities happen. We believe working with security researchers is essential in keeping our software secure. If you have found a vulnerability in our software, we encourage you to report it to us so we can work with you to resolve the issue.

Disclosure Policy

  • We will make a reasonable effort to fix the vulnerability as soon as you have notified us about the vulnerability.
  • We ask you do not disclose the vulnerability to third-parties or the public until we have had a reasonable time to fix the issue.
  • Only use accounts you own or for which you have explicit permission from the owner to use.
  • We ask you make a good faith effort to avoid privacy violations, degradation of service, or loss of data.
  • Bugs should be reported to


  • Denial-of-service attacks (DoS)
  • Spamming
  • Social engineering of Shortwave employees, clients, or users
  • Exploits that involve any physical form of attack or damage

We consider security research and activity performed in accordance to this policy as authorized.