Vulnerability Disclosure Program

We at Shortwave believe that great products require stellar security. No software is perfect and sometime vulnerabilities happen. We believe working with security researchers is essential in keeping our software secure. If you have found a vulnerability in our software, we encourage you to report it to us and we are eager to work with you to resolve the issue.

Disclosure Policy

  • We will make a reasonable effort to fix the vulnerability as soon as you have notified us about the vulnerability.
  • We ask you do not disclose the vulnerability to third-parties or the public until we have had a reasonable time to fix the issue.
  • Only use accounts you own or for which you have explicit permission from the owner to use.
  • We ask you make a good faith effort to avoid privacy violations, degradation of service, or loss of data.
  • Bugs should be reported to security@shortwave.com.

Exclusions

  • Denial-of-service attacks (DoS)
  • Spamming
  • Social engineering of Shortwave employees, clients, or users
  • Exploits that involve any physical form of attack or damage

We consider security research and activity performed in accordance to this policy as authorized.

Thank you for keeping Shortwave and its users safe!