MeritFirst welcomes good-faith security research. If you believe you have found a security vulnerability in our products or infrastructure, we want to hear from you. This page explains how to report it to us, what you can expect from us, and the rules that keep your research protected.
This is a vulnerability disclosure program. It does not currently offer monetary rewards.
Email security@meritfirst.us with:
Our machine-readable disclosure information is published at /.well-known/security.txt.
In scope:
Out of scope:
We will not pursue legal action against researchers who: