Responsible Disclosure Program

Partner with us to keep DefendDomain secure

We welcome ethical hackers who proactively surface vulnerabilities or platform limitations. Share your findings and, for every validated disclosure, choose whether our $25 thank-you donation goes to Woodlands Trust, Cancer Research, or homelessness support initiatives.

Rapid acknowledgement

Expect a response within two business days and ongoing updates as remediation progresses.

Donation with every fix

Select Woodlands Trust, Cancer Research, or homelessness support charities for our $25 contribution once we validate your disclosure.

Built with the security research community

DefendDomain thrives when we partner with ethical hackers. We treat researchers as collaborators, keep communication transparent, and recognise how their insights harden our protection for customers around the world.

  • We share context on how your discoveries strengthen our domain intelligence and takedown workflows.
  • We provide timely updates so you know how remediation is progressing from acknowledgement to rollout.
  • We celebrate meaningful fixes publicly (with your permission) to highlight the positive impact of ethical hacking.

Why researchers choose DefendDomain

Our program emphasises meaningful collaboration, streamlined triage, and social good. These pillars help every valid report have real-world impact for our customers and the broader security community.

Collaborative triage

Partner with our security engineers to validate findings quickly and understand the fixes that ship.

Charitable rewards

We donate $25 to the charity you select—Woodlands Trust, Cancer Research, or homelessness support—when we verify a disclosure.

Clear expectations

Know exactly what information helps most so your submission stands out and our team can replicate every step.

What we're looking for

Reports should focus on issues that could impact the confidentiality, integrity, or availability of DefendDomain's platform. We particularly value discoveries that:

  • Demonstrate how an attacker could gain unauthorized access, escalate privileges, or tamper with monitoring results.
  • Reveal logic or workflow gaps that prevent critical alerts, takedown requests, or brand monitoring actions from executing correctly.
  • Highlight security weaknesses that could expose customer data, configuration secrets, or integration tokens.

Examples of valid disclosures

These examples are illustrative—any impactful issue is welcome. Please avoid actions that could disrupt live customer environments while testing.

Bypassing domain alert permissions

Discovering a way to access monitoring dashboards or export data without the correct account role assignments.

Suppressed threat notifications

Identifying logic flaws that stop phishing or takedown alerts from reaching the intended recipients.

Exposed configuration metadata

Finding endpoints that reveal sensitive customer settings, API keys, or deployment information.

What doesn't qualify for a reward

We value all feedback, but to keep the program focused on meaningful vulnerabilities we cannot provide donations for reports limited to best-practice reminders or non-exploitable findings.

  • Brute force or credential-stuffing simulations that don't demonstrate a weakness beyond password guessing.
  • Advisories about missing HTTP headers or TLS configuration tweaks without an accompanying exploitation scenario.
  • General security hardening suggestions that lack a clear, reproducible impact on confidentiality, integrity, or availability.

What to include in your report

Thorough submissions help us validate and remediate quickly. When you reach out, please provide:

  • A concise summary describing the vulnerability or limitation.
  • Step-by-step reproduction instructions, including affected routes, configurations, or sample payloads.
  • Any evidence or screenshots that demonstrate the potential impact or data exposure.
  • Your preferred name (or alias) and email so we can coordinate follow-up questions.

Our triage & donation process

We aim to acknowledge submissions within two business days. After validation, we will coordinate remediation updates with you and confirm the $25 donation to your selected charity—Woodlands Trust, Cancer Research, or homelessness support organisations.

You'll always have a direct contact on the DefendDomain security team to answer questions, share progress, and celebrate the impact of your research.

Submit a responsible disclosure

Use the form below to share your findings. Include reproduction steps in the message field so our engineers can verify and respond quickly.

Submit your security report

Share as much detail as possible, including reproduction steps, affected endpoints, and the impact you observed.