Responsible Disclosure Policy
As a security company, we know we are held to high security standards. We value our security community and welcome input regarding security vulnerabilities that may be found in our systems. We encourage researchers to inform us of any vulnerabilities they may find in our system using the process set forth below.
PLEASE NOTE: Disclosures that do not conform to this process may not be eligible for bug-bounty awards.
Reporting Security Issues
Please use the form below to submit a security issue you have found on the DNSFilter platform. Your report will be routed through HackerOne and, if eligible, will be awarded a bounty.
What you can expect from us:
- We will acknowledge receipt of your report within 5 business days.
- We will internally review the reported issue to confirm validity.
- If at this time we have any questions or need more details, we may engage you.
What we expect from your report:
- A description of the type of issue (e.g. SQL injection, Cross-Site Scripting, etc.)
- Your perspective on the impact, criticality, and any abuse cases.
- Sample code, proof-of-concept, and/or tool used to generate the exploit.
- If we don’t have access to a specific tool and can’t replicate the issue, we might reach back out for further proof.
- Any HTTP requests, responses, code snippets, or other evidence to help with reproduction.
- Any information you may have accessed during testing. If the information could be considered sensitive in any way please redact the information so that it is not identifiable.
Professional Expectations
- Partner with integrity and transparency
- Do not disrupt, modify, or destroy any other customer’s data, DNSFilter data, or our services
- No brute-force attacks or social engineering (further details provided in the “Out-of-Scope Items” section).
- If public disclosure is intended, we ask that the timeline be coordinated and agreed upon with DNSFilter and the researcher in advance of any such disclosure.
Bounty Rules
- When duplicates occur, we award the first report that was received.
- Multiple reported issues that are caused by one underlying problem will be awarded one bounty.
- In the event of any disagreement with respect to bounty awards and/or amount, any decision from the DNSFilter Security Team is final.
In-Scope Properties
Our Bug Bounty program applies to the following properties:
- *.dnsfilter.com
- *.guardianapp.com
- All DNSFilter Roaming Clients
Out-of-Scope Properties
Our Bug Bounty program specifically excludes the following properties:
- Trust.dnsfilter.com
- Feedback.dnsfilter.com
- *.webshrinker.com
Third-Party Bugs
If issues reported to our bug bounty program affect a third-party library, an application, or another vendor, we reserve the right to forward details of the issue to that party without further notice. We ask the researchers to comply with the third party’s vulnerability disclosure or bug bounty program.
Out-of-Scope Items
For an up-to-date list of out-of-scope items, please join our HackerOne program.