Responsible Disclosure
At SoundCloud, we take the safety of our users very seriously.
If you have discovered a possible security vulnerability on our platform, the API, in an app, or any of SoundCloud’s services, please help us fix it as fast as possible by disclosing your findings in a responsible manner to email@example.com. In order to do so, please take a moment to review our Responsible Disclosure Policy below. Publicly disclosing a vulnerability can put the entire community at risk, so we urge you to keep matters private until a fix is rolled out from our side.
Responsible Disclosure Policy
• If you believe you have found a security vulnerability on SoundCloud, we highly encourage you to let us know right away by privately disclosing it in an email to firstname.lastname@example.org. We consider such correspondence our highest priority, and strive to work with you to quickly act upon your concerns.
• To make sure we fully understand the scope of the reported security vulnerability, please include as much information in your description as possible, and list a way to reproduce the issue in your email.
• Upon receipt of your report, we will send you a confirmation within 24 hours on a business day, and provide you with an estimate of how long it will take us to fix the issue. Please allow a reasonable time for us to investigate your findings and take the appropriate measures.
• Do not make your research or findings public or share them with third parties before we have rolled out a fix for any reported vulnerabilities.
• Always act in good faith towards our users’ safety and data, and avoid any privacy violations in the course of your research and disclosure. We do not tolerate the unauthorized modification or destruction of data or an attempt thereof, or interruption or degradation of our services. Please refrain from executing or attempting to execute a Denial of Service attack against SoundCloud.
• White hat researchers are always welcomed; we will not take legal action against you or your account as long as you comply with our policy of responsible disclosure.
On behalf of our millions of users, we would like to give a shout-out to all security researchers who have helped us keep SoundCloud safe by responsibly reporting a security vulnerability to us - we really appreciate it!
- Michael Cowell (compl3x)
- joernchen of Phenoelit
- Egor Homakov
- Mariano Di Martino
- M.R.Vignesh Kumar (@vigneshkumarmr)
- Atulkumar Hariba Shedage
- Ajay Singh Negi
- Thamatam Deepak
- Mohamed Ramadan
- Yuji Kosuga
- Kamil Sevi (@kamilsevi)
- Emanuel Bronshtein
- Adam Ziaja
- Rafay Baloch (@rafaybaloch)
- Frans Rosén (@detectify)
- Nils Jünemann
- Maxim Rupp
- Abhinav Karnawat \/ w4rri0r \/
- Mathias Karlsson (@detectify)
- Saqib Kamran (@saqibkamran)
If you have responsibly disclosed a security issue in the past and believe this list is missing your name, please email us at email@example.com.