We take security at Assembled very seriously and are committed to investigating all reported security issues or vulnerabilities. If you believe you’ve discovered a bug in Assembled's security, please get in touch at firstname.lastname@example.org. We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by Assembled. In filing any report, please include a sufficiently detailed and understandable description such that we are able to reproduce the issue.
Although we do not currently operate a reward program for disclosures, we do understand and appreciate the hard work that goes into security research. As such, we may at our discretion the confidential disclosure of verifiable issues that could be used to compromise the confidentiality or integrity of our users’ data (such as by bypassing our login process, injecting code into another user’s session, or instigating action on another user’s behalf).
Note that vulnerabilities must be disclosed to us privately with reasonable time to respond, and avoid compromise of other users and accounts. We do not reward denial of service, spam, or social engineering vulnerabilities.