Contacting Security

We want to hear from you

Keeping your data safe is our top priority. If you have any questions or concerns about the security of your data, please contact us at support@wesabe.com. Whether you just want to know more about our policies, or you’re looking for specifics about the technologies we use, we’re always happy to talk about security.

We want your help

We work with leading researchers, vendors, and products to keep on the cutting edge of web security. Nevertheless, some of our best ideas come from people like you. If you believe you have discovered a security problem on the site, or if you have thoughts about how we can do a better job protecting our users, please contact security@wesabe.com right away. If you’d like to encrypt your message for greater privacy, you can use our GPG key.

Our security response

We promise to respond to all reasonable reports of potential security vulnerabilities as soon as we can, usually within 24 hours. If you report a security problem, we will:

• Acknowledge your report, and provide you with contact information for our team as we investigate the problem
• Work with you to ensure that we understand the issue, and to consult with you about the best way to address it
• Work with other organizations, if necessary, to ensure other sites are protected too (since our system is based on a number of widely-used products and technologies)
• Keep you in the loop as this process takes place; and
• Give you credit, if you wish, once the issue has been resolved.

We take security issues very seriously, and are glad you do too. We hope that by working together we can keep Wesabe a safe place for everyone.

Our commitment to researchers

The responsible disclosure of security problems allows us (and others) to make the online experience better for everyone. Unfortunately, legitimate researchers sometimes are unfairly blamed for the problems they uncover. To encourage responsible reporting, we promise not to bring legal action in response to a disclosure, so long as researchers follow these guidelines:

• Share full details with us before making them public or telling others.
• Give us a reasonable amount of time to address the issue before disclosing the issue to anyone other than us. We will try to act quickly, but some aspects of our system are complicated and may take time to patch and test.
• Do not do anything that might harm the experience of Wesabe for others. For example, do not spam public areas of the site, or do anything that might cause a denial of service.
• Under no circumstances should anyone ever attempt to view, modify, or corrupt data belonging to others.

This promise is intended to balance our requirements and responsibilities against the protections and guarantees necessary to encourage responsible and timely disclosure. This is not an invitation to test the security of our systems without authorization. It is simply a reflection of our belief that security researchers are the good guys, but that they may be wary of reporting issues to us for fear of legal consequences. If you have any questions about this commitment, or have any doubts about whether your tests are appropriate, you should contact us before proceeding.