SilentProof
Updated April 23, 2026
Disclosure
Report vulnerabilities in SilentProof itself.
Use this page if you believe SilentProof, silentproof.io, the request intake flow, or our report delivery surfaces have a security issue.
This policy does not authorize testing of SilentProof customers or third-party applications. Customer security reviews require a separate written authorization tied to that customer's approved scope.
01 Contact
- Preferred channel: security@silentproof.io
- Machine-readable policy: /.well-known/security.txt
02 What to include
- 01 A clear description of the suspected issue and the affected SilentProof URL or surface.
- 02 Safe, minimal proof that does not expose unrelated personal data or customer report content.
- 03 Your contact details and any deadline or coordination constraints.
03 Allowed behavior
- 01 Good-faith, low-rate testing against SilentProof-owned public surfaces.
- 02 Stopping as soon as impact is demonstrated.
- 03 Avoiding privacy invasion, service disruption, data destruction, persistence, credential attacks, and social engineering.
04 Not allowed
- 01 Testing customer domains, customer applications, or third-party infrastructure through SilentProof.
- 02 DDoS, load, stress, spam, phishing, malware, persistence, lateral movement, or destructive writes.
- 03 Public disclosure before SilentProof has had a reasonable opportunity to assess and address the issue.
05 Bounty and response
SilentProof does not currently operate a public bug bounty program. We still welcome useful, good-faith reports and will try to acknowledge substantive reports by email.