Vulnerability Disclosure Program

At Forto, we take the security of our platform very seriously. If you have detected a vulnerability within our platform, please email us at . We’ll investigate any reports and do what is needed to fix security issues as soon as possible.


Currently we do not offer any financial rewards for vulnerability reports. Please attach to your report details how to reproduce the vulnerability, for example screen-shots, code or recordings. 


As a confirmation of the report submission, you will receive a non-automated response within business days (Berlin, Germany)  with our initial assessment of your finding. We will also keep you posted on our progress and let you know when you may publish it.


We kindly ask you to not disclose the vulnerability until you receive a notification from us.


Please do not send us reports about attacks that rely on generating large volumes of traffic (eg DDoS attacks), or physical attacks on offices and data centres.We want to thank all security researchers for their contributions to the security of our platform.