We ask that all who report comply with the following guidelines when reporting a vulnerability:
- Allow Granicus an opportunity to address a vulnerability within a reasonable period time
- Do not publicly share information about the vulnerability prior to updates being available
- Make a good faith effort to avoid privacy violations and destruction, interruption, or segregation of Granicus services or applications
- Do not freely exploit, modify, or destroy data that does not belong to you
We are committed to working with those who report issues via these guidelines, and we aim to quickly resolve any issues (confirming the report within one week of submission).