We welcome responsible security research and encourage the ethical disclosure of vulnerabilities in our systems and services.
This policy covers all UMBRELLA-owned websites, applications, APIs, and infrastructure. If you are unsure whether a system is in scope, please contact us before testing.
UMBRELLA commits not to pursue legal action against researchers who discover and report vulnerabilities in good faith in accordance with this policy. We ask that you provide reasonable time for us to address the issue before making any public disclosure.
Please send vulnerability reports to us via our contact page. Include:
We appreciate the efforts of the security research community. With your permission, we may publicly acknowledge your contribution once the vulnerability has been remediated.