Vulnerability Disclosure Policy
If you think that there is any security or vulnerability issue in VPN Private, we appreciate you report the issue with all related details.
You are welcome to send all types of reports about security-related issues and privacy concerns to [email protected]. For optimal secure communication with us you can use our PGP key:
0D18 1349 7957 48F6 6E04 4814 2959 D4E7 38A0 0A15
After VPN Private Get the Report, we will:
• request the reporter to keep the information and communication of the vulnerability confidential;
• verify the existence of the vulnerability and identify which releases are affected. When confirmed, we will assign a CVE ID to the issue;
• release an updated version of the affected products resolving the issue as soon as possible. If it is not possible to resolve the issue within a reasonable time frame, identified workarounds might be published if that improves the situation in an acceptable way without putting users at risk;
• include a reference to the reporter and/or its organization as part of the release notes, unless the reporter wishes to remain anonymous;
• do its best to keep the reporter updated on the progress of the reported vulnerability.
We acknowledge that making release available may sometimes take time. It depends on vulnerability severity, its relation to ongoing release work, and areas affected by the issue. We do not attempt to delay issue resolution, but we ensure all necessary modifications of the appropriate quality, resolve the issue, and avoid regressions introduction.
Thank you very much for your patience and for helping us to resolve the issue.