If you’ve found a security vulnerability in the Loupely Lens Chrome extension, the Loupely web application, or any related infrastructure, report it to security@loupelylens.com with the subject line Security Vulnerability Report.
Don’t disclose it publicly before it’s been resolved. Public disclosure of an unpatched vulnerability puts current users at risk.
What to include #
A description of the vulnerability, which component it affects, steps to reproduce it, the potential impact, and any proof-of-concept you’ve prepared. The more specific the report, the faster the investigation.
What to expect #
Reports are acknowledged within 48 hours. There’s no formal bug bounty program currently, but legitimate reports are taken seriously and if a fix is deployed as a result of your report, you can be credited in the release notes if you’d like.
To send an encrypted report, request a PGP public key by emailing security@loupelylens.com first.