Security Transparency
Security Contact Information
You believe that you found a vulnerability?
Send your well documented finding (including a proof of concept) to security@979.st. We will review it and investigate its impact and relevance. Make sure to encrypt your email using our public key (PGP) and provide us with your own for encrypted communication. You should report your findings in accordance with common responsible disclosure practices to protect our users. All reports begin as non-public submissions to our security team.
Disclosure Process
We handle reported vulnerabilities under a coordinated disclosure policy. We typically publish findings after the vulnerability has been fixed and further testing has been conducted, though we reserve the right to determine what information will be released. You may not publicly disclose the vulnerability.
Bug Bounty
We do not have a bug bounty program, nor do we currently have funds allocated for rewards. That said, if you find a vulnerability, we may still be able to offer something based on its relevance and impact, but please understand this is not guaranteed.
Disclosure History
| Date | Project | Title | Severity | Affected / Fixed | Researcher |
|---|---|---|---|---|---|
| 2026-04-11 | 2fa | Version 2 internal accounts file | Medium | pre-release / yes | — |