Reporting a vulnerability

Turnkey highly values the security of our software, services, and systems and we actively encourage the ethical reporting of any security vulnerabilities discovered. We invite researchers and users to report potential security vulnerabilities to our Bug Bounty Program via the form below, or to us via email at security@turnkey.com. When submitting a report via email, please provide a thorough description of the vulnerability, including steps to reproduce it and its potential impact.

Upon receiving a report, our team promptly assesses and prioritizes the vulnerability based on its severity and potential impact. We then take reasonable and appropriate steps to mitigate and remediate the identified risks in accordance with our internal policies and timelines. Where feasible, we will endeavor to keep the reporter informed throughout the process. Our approach is designed to ensure confidentiality and offer safe harbor to researchers, promising that those who report vulnerabilities ethically and in good faith will not face legal action.

We expect reporters to treat vulnerability reports submitted to Turnkey, along with all associated information and/or data, with a high degree of care, use it solely for the purpose of reporting to Turnkey, and to not disclose it to any third parties without our written consent. With the reporter's consent, we may publicly disclose details of the vulnerability and acknowledge their contribution after it has been resolved.

For further inquiries or more information about our program, please contact our security team at security@turnkey.com.

Bug bounty submissions

Use the form below to directly submit vulnerabilities for triage and evaluation as part of our bug bounty program.