Responsible Security Disclosure

At 100ms, safeguarding data is our paramount concern, and we recognize the invaluable role of skilled security researchers in identifying potential vulnerabilities across our technology stack.

Disclosure Procedure

  • If you uncover a potential vulnerability, please promptly notify us via email at We commit to acknowledging your communication within one week.
  • Kindly afford us a reasonable amount of time to address the issue before making it public or sharing it with any third party. We endeavor to resolve critical vulnerabilities within one month of disclosure.
  • We request that you exercise good faith in your efforts, refraining from actions that compromise privacy, data integrity, or the uninterrupted functioning of the 100ms service. Interaction should be limited to accounts under your ownership or with explicit permission from the account holder.
  • In case you uncover or run into personal identifiable information (PII) of any user or users, please refrain from sharing, storing or using the information in any way or form once the vulnerability and breach has been reported.


During your research, please abstain from:

  • Engaging in Denial of Service attacks
  • Spamming activities
  • Social engineering or phishing attempts targeting 100ms personnel or contractors
  • Any form of attack directed towards 100ms' physical assets or data centers
  • Any actions that could harm 100ms' users
  • Employing automated scanning tools, scrapers or automated testing methodologies

Submission Guidelines

To expedite the resolution process, we request that submissions include the following details:

  • A concise description of the identified issue, accompanied by a possible attack scenario
  • Clear steps to reproduce the vulnerability, demonstrating a successful test case
  • Recommendations for fixes, mitigation, or temporary workarounds to address the reported issue

Thank you for your contribution to enhancing the security of both 100ms and our users' experiences. Your collaboration is instrumental in maintaining a safe and reliable platform.

Have a suggestion? Recommend changes ->

Was this helpful?