How do we report security issues ?
I want to report an improvement which is likely a security issue (though I might be wrong), therefore I want to report it in private.
Is NextDNS on HackerOne (doesn't appear to be, unless private), or on BugCrowD (doesn't appear to be, unless private), or maybe even using the new Github Security Policy thing (https://github.com/nextdns/nextdns/security/policy ) (doesn't seem to be yet, it's a new feature though) ? and https://nextdns.io/.well-known/security.txt is error 200 right now. Whois doesn't tell me anything either: https://who.is/whois/nextdns.io
Where do people report security vulnerabilities or issues ?
You can try messaging them on Twitter?
I agree, this information should be more readily available.
- 11 mths agoLast active