All Collections
Platform
Security
Security Disclosure
Security Disclosure

Responsible Disclosure of Security Vulnerabilities.

Alex Piepenbrink avatar
Written by Alex Piepenbrink
Updated over a week ago

We want to keep TIME Sites safe for everyone. If you've discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

In return for finding any vulnerabilities, we offer "swag" such as stickers, t-shirts, and hoodies. The criteria for disclosing a security vulnerability are as follows:

  • You must be the first person to disclose the vulnerability.

  • Must not have disclosed the vulnerability to anyone or anywhere else.

  • Must not be a vulnerability hosted by a third party (i.e. CDN, blog, support, analytics, etc) unless it leads to a vulnerability on the main website or application.

  • Must not be a DoS or DDoS attack.

  • Must not be spam.

Publicly disclosing a vulnerability can put TIME Sites at risk. If you've discovered a security concern, please email us at infosec@time.com. We'll work with you to make sure that we understand the scope of the issue and that we fully address your concern. We consider correspondence sent to infosec@time.com our highest priority and work to address any issues that arise as quickly as possible.

Please act in good faith towards our users' privacy and data during your disclosure. We won't take legal action against you, or administrative action against your TIME Sites account if you act accordingly: White hat researchers are always appreciated.

Our PGP key is below. You may use this key to encrypt your communications with TIME Sites. (Unfamiliar with PGP? Have a look at GPG, and start by importing a public key).Once you've imported our key, you can verify the signature of e-mails we send you by running gpg --verify.

Key ID: 398A5770F613C390
Key Algorithm: RSA
Key Size: 4096
Fingerprint: 9BB0 61DA 7548 037B 544C 9444 398A 5770 F613 C390
User ID: TIME Sites Security <infosec@time.com>

--

-----BEGIN PGP PUBLIC KEY BLOCK---

Version: Mailvelope v1.1.0

Comment: https://www.mailvelope.com

xsFNBFYNkucBEADiYJivlqEpfKEC4hHtBmA+PCDxGQQbDSR63ltTqXLDB4Sw
xhM/CQvEzvnfUY1Wrs6pGDIpue3MAl7IYtMwsCx/uDuN3LeTwQSkasH19wVh
WlMIvpcz9dykDqRFcVbGIUh/7nPtdeLFOkpsYOCpI5M+sif8jScLW6GIXE2A
ee0lDlfCe1pe5XDt8+LvY+31FdLUyPXCZRQkU0eeEqDh4vKp0BYHo+0JqKR9
VZkS1oNkJZCTGcs87VRFgWs8dOxMr9wG//GuycBLU9knuj1aSwzQhiS6aOas
2miV8B4eG94wpUzfS+1SMD1pp8unzHkObY1hJz+m+Eii6xUzf1NgxyQcZqqB
B/iF/j1vQelFIXi8jfhQmnQlRm0jsgeiXXL6OYiu42XhQqTFQWMNnjxJ+jZl
d5/P5JWrU9kRkWyjcgB1sICsvi+3HxPzJjhcWwGph9oCZmg6Ly8sGdOYyJF+
5rhmnSPJm88VA02m5nZpOmcqjQk6enIuXr2g5KgptG5LV7gTD2k+myYB0uTW
jxCB45LO4Mk0G12smrrOP1sOJEQQ6FelCA8N0FVT/oUYV+s/ZHGuhRv4/Syp
sNAl7az1zQl38Txm/9sdGriCKdiGGyMVgFBD6IX1RXfWRJKpCWSAEhmLBM4+
bGgBgO2fKiLLy04R+VBp8HsRBdl4BHCu7x7gyQARAQABzStCcmFuZGNhc3Qg
U2VjdXJpdHkgPHNlY3VyaXR5QGJyYW5kY2FzdC5jb20+wsF1BBABCAApBQJW
DZLsBgsJCAcDAgkQOYpXcPYTw5AEFQgCCgMWAgECGQECGwMCHgEAAKmsD/9h
FQqaGuomH9LOEkW5EbiAmfsuc8VDypsE0qoE+wHTSX0/JIoax5bhwcqe1UjP
KgCgC9bbOf/2+VeYEWwNV4nksy2lBSvlNYODEIC7GQwBJDVUkSg8c+aH/wHB
/sRjRcrtNJRUjJSZXVO8irjePJIdCaBIWqT7EzoJHwHollAZ53dMvzdeEPWI
yrAl9ojNizWrtn41Qzu92/annmNlDh2zskWzWerp0B/JT11MWAFpYhOFqvkm
mjSHp9GQh3hXdohjqp9krJc7Qms9EYl0+IbuA0b6AWzylEQvcxayRK73N9Ex
rl+/IiHEvlul572znL67VvB7QF/3wbTC5TdJkLnKXm+tbNC/9vNACsyv2bmz
0mNjYizUbJWmmh7zO+8mYG1Vv9RrclNBpWEtiFJRyVAkZWHwMV1umuALkYRP
ZGsp6M03Tocbkwlm8XH3LmE3es90AVQN9mSg99oAj/aZEYTowU1ye5zA7Q9T
u9uh2yjM3aHtFU4oPgzT4MpkJtTPXSpH2XaY+XfmaZ0YVSSAy3Nl1iyohTck
RJrEQwSX5hZB0xMApo5f2eQ/XeHeC+NKoAsP5Viv/IMZqTgOE6hZb0TH3AdQ
dU7BZH7P9BRz4LEntrvrFs7BTQRWDZLnARAAvlvL9NgCyETnlJxVXk0rSNUA
aAT+O8C2bohh7bUF87+N28mxX+HADRpP7ktK6xM39JK+1ieDnc59ygPjqgwA
G8vSnDbOJ8a3eWJi6vy2XaLtB+mUB8zbA9qqyfHnLnFCeXS+/wzNMKq+aK7a
/IIt7wnlytNtEgM98xoSVLDwRNoOC45EEsVCvA3jaUXElFDOPx3WGjhsUx1a
Fj1svcsJY8FQwyIMgqCxgTqKhgJuIL1lRJLm3CFo+YclpHk4ciiaHcApZnOe
jMTp9awJVmbcKUxv56KDlBGfAVO53ia0XJ1R1OMVbpRWM4Meo2wT8HyH+Bjz
N0WZP0VMtiMUyhm7JwBfIOf6lQGjGMH7375y/Li/FG/veRHdMpugvsmTI3/n
j9ee4V/dOp4bJyPCsa5L6t7Ss+1OghkNF36PfFxA2nfw6fOfm4kXQM4obtV2
nuvzLUjlr7Fps8K1wZeQ2Nq9lLsklkFX2qoVf5o1ulRkyv1n4l2AHWSe6yxu
5yCtJkg5UWs6ffDMshM5Q55f06yFTiwNLxmbbxE+NWmxrh0WZq23dNaWh6Xb
DSaD4g/ckg3Y8iD0W7Kb4iTYF5m++rj0zSQdG90bGeLI3TIgDkPTpoJEbvee
5v7PsNQrhB8vS382pFXMXgMsZVRFB8qR9wNmrgKFuH0zndkCSZNBR6s28wsA
EQEAAcLBXwQYAQgAEwUCVg2S7gkQOYpXcPYTw5ACGwwAAAdRD/9PrZ6ovd0z
8oyQpbr6e+chgq7o01xV8Om8IvGdXjiB8h4BgTogsc55yAVsjaxu2GED+89a
s4OyJdMuom5hzomGfN2zY8E4d0IDNKB6a91C2R2IaazJqc6Lqq0Ore5MV4GQ
dNrXH0QSZ+cY4ounXCo7lvz6vY1dfH4OL0xuxigxPASVK5UiqZCahcqiqEYR
kJcj1EaZiLvOoYJfeciLNBbPYmaj5TEf5Okq7SdQF2GTxeKrGQUjOwJymHqR
Kfvcz2TpKjE3TeYm/clLGTzRzMuikE2ZeKU0YexmQctCRzuk2ijceJ7K3XkJ
bjU3vjie6rHfTIzoQpaNbYESA5Ql/wZyRgO9n8b8RVtyvhqxRNcF2Z0w4FX
r2M4o/Mf3m8oRAGng+eXgQymczTd7Vzc3W+g6jVwmqAft77X7rsYySAA7WWl
jVYf7Bn1ytZvUQFarphqn+kiXeYiv6gRqQeAIeWbzvumwsjtPnGEBaXqHAST
5F8ik2o6UhXX/QV0nt+AUokn6zmCfvZPU6lKiyk4tL8/UzVH9HKbueTRUCen
iZ6xdEvBWHbwZf/GL3O2kk7vdWsTB/Sf95Dp1XPF4T13nXcik0KZLUcMD/Lx
8tdehmCKXJpDkF2ERqErX49io/y09846UrqJomFgLWdYxnDqi4ETiJOUSOZM
JWDv87/EhGf6qw==
=Jk/I

 

 

 

 

 

 

 

 

 

 

——END PGP PUBLIC KEY BLOCK——

Did this answer your question?