Reporting Security Vulnerabilities to Assemble.


Assemble aims to keep its Services safe for everyone, and data security is of utmost priority. If you are a security researcher or ethical hacker and have discovered a security vulnerability in the Services, we appreciate your help in disclosing it to us in a responsible manner.

We ask you please:


             
             
              • Do not publicly disclose the vulnerability until Assemble has confirmed the bug is fixed.
              • Do not subject our website or web services to DoS, DDoS, scraping, brute force, or other type of automated attack.
              • Do not use security scanners or tools which may cause DoS, DDoS or scraping-like behavior against our web services or website.
              • Do not attempt to gain access to another user’s account or data – please use test accounts.

              To disclose a vulnerability, please fill in the form below.

                   
                   

                  Your Name:

                  E-mail:

                  Scope:

                  Mobile App: AndroidMobile App: iOSWeb AppAPI

                  CWE (If known):

                  Estimated severity:

                  Title:

                  A clear and concise title includes the type of vulnerability and the impacted asset.

                  Description:

                  Vulnerability

                  What is the vulnerability? In clear steps, how do you reproduce it?

                  Impact:

                  What security impact could an attacker achieve?

                  Attachments:






                  If you have previously disclosed a vulnerability to us, thank you.