Vulnerability Reporting
Wire’s commitment to security
We value and believe in the ethical and responsible disclosure of vulnerabilities. Our security team handles all security issues by rating the severity (critical, high, medium, and low) and coordinates the handling and resolution of vulnerabilities to ensure secure communication.
Our Process
How do I report a vulnerability?
If you have found a vulnerability in Wire, please report it to:
Wire doesn’t have a bug bounty program in place, yet. Nevertheless, our security team thoroughly investigates all security issues. Please only use this email for reporting security-related vulnerabilities.
What should I include?
Please include the following information:
- Description of the vulnerability
- Affected app and version
- How to reproduce the vulnerability (Proof of Concept if possible)
- Your preferred name for the credit in the security advisory section
For inquiries about other bugs or support requests, please contact Wire Support.
Response targets
Wire tries to meet the following SLAs for vulnerabilities disclosed to us. We will keep you informed about our progress.
|
Type of response |
SLA in business days |
| First response | 2 days |
| Time to triage | 3 days |
| Time to resolution | Depends on severity and complexity |
Open Source
Transparency by design
Wire's code is open source and available on Github for anyone to verify.
Star Follow @wireapp