---
post_title: Reporting security issues
menu_title: Reporting security issues
tags: reference
---

WooCommerce cares deeply about security and works hard to keep our merchants and their customers safe. 

You can find our security policy [over here](https://github.com/woocommerce/woocommerce/security/policy) and, if you believe you have discovered a vulnerability, we encourage you to follow it and submit your findings via [HackerOne](https://hackerone.com/automattic?type=team)-a trusted third party service that facilitates reporting of security issues. Please refer to the policy for more details, however some key points are as follows:

- We operate a [bug bounty program](https://hackerone.com/automattic?type=team), so you can be rewarded for valid reports, but not everything is in scope. Please check the guidance before posting.
- We strongly encourage [responsible disclosure](https://www.hackerone.com/disclosure-guidelines). To better protect everyone, please use HackerOne and **do not** post your findings in a public forum.

Thank you for being a responsible reporter!