We take security at Assembled very seriously and are committed to investigating all reported security issues or vulnerabilities. If you believe you’ve discovered a bug in Assembled's security, please get in touch at firstname.lastname@example.org. We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by Assembled. In filing any report, please include a sufficiently detailed and understandable description such that we are able to reproduce the issue.
Although we do not currently operate a bug bounty or reward program, we do understand and appreciate the hard work that goes into security research. As such, we may reward the confidential disclosure of verifiable issues at our discretion.
Note that vulnerabilities must be disclosed to us privately with reasonable time to respond, and avoid compromise of other users and accounts. We do not reward denial of service, spam, or social engineering vulnerabilities.