Security & Responsible Disclosure

The security of our systems is our top priority. We appreciate investigative work into system security carried out by ethical security researchers. If you discover a vulnerability, however small, we would like to know about it so we can address, as quickly as possible.

Reporting a vulnerability

Please email findings to security@val.town.

Responsible Disclosure

  • Do not take advantage of the vulnerability or problem you have discovered. For example only download data that is necessary to demonstrate the vulnerability - do not download any more. Also do not delete, modify, or view other people's data.
  • Do not publish or reveal the problem until it has been resolved.
  • Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties.

Our commitment

  • If you act in accordance with this policy, we will not take legal action against you in regard to your report.
  • We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission.
  • We offer various bug bounties as compensation, depending on the severity of the exploit found.