Please note that this site provides information for developers and security professionals. If you are a SharpSpring user and have a security or system issue with your account, please submit a support request via the normal channels.
Security - How To Report a Vulnerability
If you believe you’ve found a security vulnerability in one of our products or platforms, please send it to us by emailing firstname.lastname@example.org. We prefer that the submission be encrypted using our public PGP key posted below.
Please include the following details with your report:
- A description of the location and potential impact of the vulnerability.
- A detailed description of the steps required to reproduce the vulnerability (POC scripts, screenshots, and compressed screen captures are all helpful to us).
You will receive an automated response from our ticketing system with a tracking ID, which will be used for all future communication between you and our engineers. Please refrain from submitting multiple reports for the same vulnerability as this will slow down the verification and remediation process.
Please note that we currently do not offer any reward or monetary incentive for vulnerability reporting, however, we will pledge the following:
- To the best of our ability, we will confirm the existence of the vulnerability to you and be as transparent as possible about what steps we are taking during the remediation process, including on issues or challenges that may delay resolution.
- Upon confirmation, we will maintain an open dialogue to discuss issues.
Due to the number of false, incorrect, or superfluous vulnerability reports we receive, we may not be able to respond to every submission, however we will do our best to acknowledge each and communicate our course of action.
-----END PGP PUBLIC KEY BLOCK-----