Responsible Reporting of Security Issues

Vue understands that security is essential in maintaining the trust our customers and guests place in us to provide our products and services. Whilst we continue to be vigilant and always seeking to improve our maturity in this space, we recognise the important role that security researchers play in helping to keep our users secure. If you are a security researcher and have discovered a security vulnerability in our website or services, we ask for your help in disclosing it to us in a responsible manner.

If you discover a site vulnerability or are a customer who is concerned your account has been compromised, please notify us via [email protected]. We encourage you to encrypt sensitive information. 

When reaching out to us, please include:

A detailed summary of the issue, including a list of steps for how we can reproduce it.
Correct contact information, such as an email address, by which we can reach you in case we need more information.
Vue strongly believes in our responsibility to protect our customers data and their interests in this matter. To that end, we believe that responsible disclosure involves privately notifying us of any security vulnerabilities, and allowing us appropriate time to diligently address the vulnerabilities before making full disclosure to the public. We will do our best to notify you as soon as the vulnerability has been addressed and ask that you do not disclose it publicly or share it with others until then.

We appreciate these types of research activities, but will not tolerate any actions that put our users at risk:

Do not attempt to access, modify, destroy, or disclose our users’ information.

Do not attempt to deface or degrade our services.

Do not violate applicable law.

Reporting your vulnerability

Submissions must include written instructions for reproducing the vulnerability.

If reporting vulnerabilities as a video, we ask you to not post POCs publicly without our consent to video-sharing sites such as YouTube, Vimeo. In the case that you need to share a video please ensure it is password protected.

We ask you do not publicly disclose your submission until Vue has evaluated the impact.

The combined contributions of all security professionals in the wider community are essential to keeping us all secure. We thank everyone in this space for their efforts

Bug Bounty

Please be aware that we do not operate bug bounty programme at this time and therefore do not offer rewards by default. Discretionary nonfinancial reward may be offered based on risk and other factors.