If you believe you have found a security issue that may be a vulnerability in a Sophos product, please contact our security team via one of the methods below:
- Preferred: submit a report through our Bug Bounty Program; or
- Email security-alert@sophos.com. For confidentiality, an authorized individual will respond with a public PGP key.
Only vulnerabilities submitted through our Bug Bounty Program are eligible to receive a bounty payment.