What to send
- Include the affected URL, product surface, version, and environment.
- Provide clear reproduction steps and expected versus actual behavior.
- Attach timestamps, request identifiers, screenshots, or proof-of-concept material when relevant.
Security
Security contact, disclosure intake, and public references.
Use this page to report vulnerabilities, find the canonical disclosure contact, and understand how Cosantoir routes security submissions. The published security.txt record remains the canonical machine-readable contact.
security-reports@cosantoir.com
Security reports
Primary mailbox for vulnerability reports, coordinated disclosure, and urgent follow-up.
security@cosantoir.com
Security team
General security escalation channel for authenticated company security contact.
vulnerability@cosantoir.com
Vulnerability intake
Technical disclosure path for reproducible findings and remediation coordination.
abuse@cosantoir.com
Abuse reports
Use this mailbox for phishing, impersonation, abuse, or malicious use tied to the platform.
bugbounty@cosantoir.com
Bug bounty intake
Researcher contact for scope, eligibility, and payout-program routing when a report qualifies.
/.well-known/security.txt
Read the canonical security.txt
Use the machine-readable contact record published from the site root.
What happens next
- Reports are reviewed by the security team and triaged for severity, impact, and reproducibility.
- We may follow up for clarification or additional evidence before confirming a finding.
- Disclosure routing uses official company-domain security mailboxes and the published security.txt contact record.