Vulnerability Disclosure Program
Blog post from Twilio
Twilio's Vulnerability Disclosure Policy outlines the principles and procedures for reporting security vulnerabilities, emphasizing mutual trust, respect, transparency, and the common good between Twilio and security researchers. The policy applies to all digital assets owned or operated by Twilio, including public-facing websites, and encourages reports from various sources like independent researchers and industry partners. Twilio commits to maintaining confidentiality and respect in its interactions with researchers and works collaboratively to validate and address reported vulnerabilities. Researchers are asked to responsibly communicate potential vulnerabilities, avoid privacy violations or system disruptions during testing, and refrain from publicly disclosing unverified vulnerabilities. Reports should be submitted through a specified web form, and Twilio's security team will acknowledge receipt, investigate, and resolve the issues. Additionally, Twilio offers a Bug Bounty Program for researchers interested in earning rewards for their contributions to security.