The SecureDrop engineering team welcomes contributions from security researchers to ensure the whistleblowing process is as safe as possible for sources. Testing by external security researchers helps minimize risk, and we're encouraging ethical behavior through our bug bounty program hosted by Bugcrowd, offering rewards up to $2,500 for security issues found in SecureDrop. This month's malware attack highlighted the need for responsible security research, and we've clarified unacceptable behavior to ensure users are protected while still allowing creative attacks like the one demonstrated this month. We're also accepting security issues through PGP-encrypted email if preferred, and our bug bounty program is open to researchers who want to alert us to vulnerabilities in SecureDrop technology stack.