Vulnerability Reporting

Wire’s commitment to security

We value and believe in the ethical and responsible disclosure of vulnerabilities. Our security team handles all security issues by rating the severity (critical, high, medium, and low) and coordinates the handling and resolution of vulnerabilities to ensure secure communication.

vulnerability report hero
Our Process

How do I report a vulnerability?

If you have found a vulnerability in Wire, please report it to: 

Wire doesn’t have a bug bounty program in place, yet. Nevertheless, our security team thoroughly investigates all security issues. Please only use this email for reporting security-related vulnerabilities. 

Report Vulnerability SECURITY POLICY

What should I include?

Please include the following information:

  • Description of the vulnerability
  • Affected app and version
  • How to reproduce the vulnerability (Proof of Concept if possible)
  • Your preferred name for the credit in the security advisory section

For inquiries about other bugs or support requests, please contact Wire Support.

Response targets

Wire tries to meet the following SLAs for vulnerabilities disclosed to us. We will keep you informed about our progress.

Type of response

SLA in business days
First response 2 days
Time to triage 3 days
Time to resolution Depends on severity and complexity

 

Open Source

Transparency by design 

Wire's code is open source and available on GitHub for anyone to verify.

 

Star Follow @wireapp