Skip to main content

Drugs.com Responsible Disclosure Policy

We take the security of our systems seriously, and we value the security community. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our users.

Guidelines

We require that all researchers:

If you follow these guidelines when reporting an issue to us, we commit to:

Scope

Out of scope

Any services hosted by 3rd party providers and services are excluded from scope.

In the interest of the safety of our users, staff, the Internet at large and you as a security researcher, the following test types are excluded from scope:

Things we do not want to receive:

How to report a security vulnerability?

If you believe you've found a security vulnerability in one of our products or platforms please send it to us by emailing security@drugs.com. Please include the following details with your report:

If you'd like to encrypt the information, please use our PGP Key (ID: 505D98E4, Fingerprint: 61FB 3470 7DAE B50A CCD4 D6F4 3438 474C 505D 98E4)