Ditto provides a process to external users for reporting security, confidentiality, integrity, and availability failures, incidents, concerns, and other complaints. To submit a vulnerability report to Ditto’s Security team, please contact us at security@ditto.live.
What we would like to see from you:
- Well-written reports in English will have a higher probability of resolution.
- Reports that include proof-of-concept code help us triage more effectively.
- Reports that include only crash dumps or other automated tool output may receive lower priority.
- Reports that include products not on the initial scope list may receive lower priority.
- How you found the bug, the impact, and any potential remediation.
- Plans or intentions for public disclosure.
What you can expect from Ditto:
- A timely response to your email (within 3 business days).
- After triage, we will send an expected timeline, and commit to being as transparent as possible about the remediation timeline as well as issues or challenges that may extend it.
- An open dialog to discuss issues.
- Notification when the vulnerability analysis has completed each stage of our review.
- Credit after the vulnerability has been validated and fixed.
If we are unable to resolve communication issues or other problems, Ditto may bring in a neutral third party to assist in determining how best to handle the vulnerability.