Responsible disclosure
At Sophos, we investigate all vulnerability reports and implement the best course of action to protect our customers.
If you believe you have found a security issue that may be a vulnerability in a Sophos product, please contact our security team via one of the methods below:
- Preferred: Submit a report through our Bug Bounty Program; or
- Email security-alert@sophos.com. For confidentiality, an authorized individual will respond with a public PGP key.
Only vulnerabilities submitted through our Bug Bounty Program are eligible to receive a bounty payment.