Reporting Security Vulnerabilities to Assemble.


Assemble aims to keep its Services safe for everyone, and data security is of utmost priority. If you are a security researcher or ethical hacker and have discovered a security vulnerability in the Services, we appreciate your help in disclosing it to us in a responsible manner.

We ask you please:


             
             
              • Do not publicly disclose the vulnerability until Assemble has confirmed the bug is fixed.
              • Do not subject our website or web services to DoS, DDoS, scraping, brute force, or other type of automated attack.
              • Do not use security scanners or tools which may cause DoS, DDoS or scraping-like behavior against our web services or website.
              • Do not attempt to gain access to another user's account or data - please use test accounts.

              To disclose a vulnerability, please fill in the form below.

                   
                   

                    Your Name:

                    E-mail:

                    Scope:

                    Mobile App: AndroidMobile App: iOSWeb AppAPI

                    CWE (If known):

                    Estimated severity:

                    Title:

                    A clear and concise title includes the type of vulnerability and the impacted asset.

                    Description:

                    Vulnerability

                    What is the vulnerability? In clear steps, how do you reproduce it?

                    Impact:

                    What security impact could an attacker achieve?

                    Attachments:



                    If you have previously disclosed a vulnerability to us, thank you.