Report a Security Vulnerability

Ditto provides a process for external users to report security, confidentiality, integrity, and availability failures, incidents, concerns, and other complaints. To submit a vulnerability report to Ditto’s Security team, please contact us at security@ditto.live.

What we would like to see from you:

  • Well-written reports in English will have a higher probability of resolution.
  • Reports that include proof-of-concept code equip us to better triage.
  • Reports that include only crash dumps or other automated tool output may receive lower priority.
  • Reports that include products not on the initial scope list may receive lower priority.
  • How you found the bug, the impact, and any potential remediation.
  • Plans or intentions for public disclosure.

What you can expect from Ditto:

  • A timely response to your email (within 3 business days).
  • After triage, we will send an expected timeline, and commit to being as transparent as possible about the remediation timeline as well as issues or challenges that may extend it.
  • An open dialog to discuss issues.
  • Notification when the vulnerability analysis has completed each stage of our review.
  • Credit after the vulnerability has been validated and fixed.

If we are unable to resolve communication issues or other problems, Ditto may bring in a neutral third party to assist in determining how best to handle the vulnerability.