Security

Vulnerability Disclosure Policy

Ubuntu Software is committed to the security of our products and services. We welcome reports from security researchers who discover potential vulnerabilities.


Safe Harbor

We consider security research conducted in accordance with this policy to be:

  • Authorized — We will not pursue legal action against you
  • Helpful — We value your contribution to improving our security
  • Protected — We will work with you to understand and resolve the issue

If you make a good-faith effort to comply with this policy during your research, we will not initiate or recommend legal action against you.


Scope

This policy applies to all Ubuntu Software products and services:

In Scope | Examples
Website | www.ubuntusoftware.net
Publish Platform | Publishing and design tools
Spatial Platform | Robotics and simulation
APIs | Public API endpoints
Open Source | Our public repositories

Prohibited Activities

To protect our users and systems, please refrain from:

  • Denial-of-service attacks
  • Social engineering of employees or contractors
  • Physical access attempts
  • Accessing or modifying data belonging to other users
  • Automated vulnerability scanning that degrades service
  • Public disclosure before we’ve had time to respond

How to Report

Use our Contact Form to submit your report.

Please include:

  1. Description — What is the vulnerability?
  2. Location — Where did you find it? (URL, component, version)
  3. Impact — What could an attacker do with this?
  4. Steps — How can we reproduce it?
  5. Proof of Concept — Screenshots, code, or logs (if available)

You may report anonymously. We don’t require personal information.

Report a Vulnerability →


Our Commitment

Action | Timeline
Acknowledge receipt | Within 3 business days
Initial assessment | Within 10 business days
Status updates | Every 30 days until resolved
Target resolution | 90 days (industry standard)

We’ll keep you informed of our progress and notify you when the issue is fixed.


Recognition

We believe in thanking researchers who help us improve security. Valid reports are recognized on our Security Acknowledgments page.

We currently don’t offer monetary rewards, but we’re grateful for your contribution to making our products more secure.


Questions?

For questions about this policy or clarification on scope:

Contact Us →


Machine-Readable Policy

Security researchers can find our security.txt file at the standard location per RFC 9116.