Security of user data is of utmost importance to Vtiger. In pursuit of the best possible security for our service, we welcome responsible disclosure of any vulnerability you find in Vtiger. Principles of responsible disclosure include, but are not limited to:
More severe bugs will be met with greater rewards. We are most interested in vulnerabilities with *.od1.vtiger.com and *.od2.vtiger.com. Other subdomains of vtiger are generally not eligible for rewards unless the reported vulnerability somehow affects *.od1.vtiger.com or Vtiger customer data.
Please email us at firstname.lastname@example.org with any vulnerability reports or questions about the program.