Responsible Disclosure Form

We encourage security folk to report security vulnerabilities in Figment.

Our security team practices responsible disclosure. We will acknowledge valid and original (i.e., the first reported instance) discoveries on our website with your name, with your consent. While we do not have a formalized bug-bounty program at this time, we may implement one in the future. In the event that we develop a reward system, we may, at our discretion, pay you a reward, subject to applicable laws.

Our commitment to security researchers is simple: we will not take action against anyone who reports an issue privately and in a responsible manner. We will do our best to reply to you in a timely fashion and periodically update you on our progress with respect to investigating or remediating any issues you may have identified.