Reporting security issues
Keeping customer data safe and secure is a huge responsibility and our top priority. We work hard to protect against the latest threats, so your input and feedback on our security is always appreciated.
Security researchers
We are happy to work with security researchers, you're an important part of keeping the internet a safe place to work. If you discover a flaw in our security that could impact Skills Reloaded or our customers then please contact our support team.
The following security issues are currently not in scope (please don’t report them):
- Volumetric vulnerabilities (i.e. simply overwhelming our service with a high volume of requests)
- TLS configuration weaknesses (e.g. "weak" ciphersuite support, TLS1.0 support, sweet32 etc.)
- Reports of non-exploitable vulnerabilities.
- Reports indicating that our services do not fully align with "best practice" e.g. missing security headers (CSP, x-frame-options, x-prevent-xss etc) or suboptimal email related configuration (SPF, DMARC etc)