Responsible Disclosure


Our team appreciates the work of security researchers and their efforts to keep our community safe. We want to promote responsible disclosure of security vulnerabilities and provide a means for you to share information with us. This page explains how.

Responsible disclosure includes:

  • Giving Perch a reasonable amount of time to fix an issue before you publish it.
  • Making a good faith effort to avoid privacy violations, the destruction of data or interruption of service.

If you follow these rules, we will not bring a lawsuit against you or involve a law enforcement agency. We'll thank you.

We are at the start of our responsible disclosure program. At this time, we are offering to publish the names of, and link out to, whitehats who have helped Perch find and fix security bugs. At some point in the future, we may retroactively reward all whitehats. We may also institute an official bounty program at any time.

Policy Exclusions

This list is not necessarily complete. We evaluate all reports on a case-by-case basis.

  • Denial of Service vulnerabilities
  • Spam or Social Engineering techniques
  • Non-security related bugs
  • Issues related to WordPress

How to Disclose

You can disclose a vulnerability by emailing We will do our best to respond as quickly as possible.

In your disclosure, please include a description and potential impact, steps to reproduce the issue or a proof of concept, and a name and link for attribution (if desired).

Thank you for helping us keep the Perch community safe!

Acknowledged Security Researchers

  • Your Name here (@YourTwitterHandle)