Reporting Security Vulnerabilities to Assemble.

Assemble aims to keep its Services safe for everyone, and data security is of utmost priority. If you are a security researcher or ethical hacker and have discovered a security vulnerability in the Services, we appreciate your help in disclosing it to us in a responsible manner.

We ask you please:

              • Do not publicly disclose the vulnerability until Assemble has confirmed the bug is fixed.
              • Do not subject our website or web services to DoS, DDoS, scraping, brute force, or other type of automated attack.
              • Do not use security scanners or tools which may cause DoS, DDoS or scraping-like behavior against our web services or website.
              • Do not attempt to gain access to another user's account or data - please use test accounts.

              To disclose a vulnerability, please fill in the form below.


                    Your Name:



                    Mobile App: AndroidMobile App: iOSWeb AppAPI

                    CWE (If known):

                    Estimated severity:


                    A clear and concise title includes the type of vulnerability and the impacted asset.



                    What is the vulnerability? In clear steps, how do you reproduce it?


                    What security impact could an attacker achieve?


                    If you have previously disclosed a vulnerability to us, thank you.