ISO Mate is grateful to the security researchers who take the time to responsibly report vulnerabilities to us. Their work helps us keep our platform and our customers safe. This page recognizes the people who have made a valued contribution to the security of ISO Mate.
A Note on Compensation
ISO Mate does not currently operate a paid bug bounty program. We are an early-stage company, and at this time we are not in a financial position to offer monetary rewards for vulnerability reports.
We want to be completely transparent about this. Rather than let your contribution go unrecognized, every researcher who responsibly discloses a valid vulnerability is added to a list for future compensation. When the company reaches a financial position that allows it, we intend to recognize these contributions retrospectively. Being listed here is our commitment to that promise.
Responsible Disclosure
We ask that researchers give us a reasonable opportunity to investigate and remediate a reported issue before disclosing it publicly. To protect our customers, we only add a researcher and the details of their finding to this page after the vulnerability has been fully remediated. Entries are published with the researcher’s permission, and we are happy to credit you by name, handle, or anonymously, whichever you prefer.
Recognized Researchers
The researchers below have responsibly disclosed vulnerabilities that we have since remediated. We add new entries here as reports are validated and fixed, with each researcher’s permission.
| Researcher | Vulnerability reported | Date recognized |
|---|---|---|
| Anonymous | Missing HTTP Strict Transport Security (HSTS) enforcement on the API, which could allow an HTTPS downgrade attack on a hostile network. Now remediated. | June 2026 |
How to Report a Vulnerability
If you believe you have found a security vulnerability in ISO Mate, please email us at security@isomate.io with enough detail for us to reproduce and validate the issue. We will acknowledge your report, keep you informed as we investigate, and let you know once the issue is resolved. For more information about how we protect your data, see our Security Practices page.
Contact
For anything related to security or responsible disclosure, please contact us at security@isomate.io.