Adversarial Vulnerability Disclosure Policy (VDP)
At this time Adversarial Risk Management does not maintain a formal bug bounty program, but welcomes the submission of any detected vulnerabilities, abuse, suspicious activity observations, or requests for collaborative assistance via the contact information maintained at adversarial.com/security.txt. This process may not be used for the solicitation of any product or service and reports should be ethically submitted without any expectation or demand of payment.
No action should be taken that is likely or suspected to be disruptive or to perform any denial of service of the platform in production or testing environments.
When conducting vulnerability research according to the US Department of Justice definition of Good Faith Security Research below, we will consider this activity authorized and exempt from copyright, Terms & Conditions, or similar restrictions that might otherwise be construed to prohibit such activity.
Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.
--US Department of Justice PR 22-533
If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please contact us for clarification before proceeding.