---
title: "Netlify’s commitment to security transparency | Netlify Blog"
description: "Netlify is committed to the transparent, responsible disclosure of vulnerabilities for the safety and security of our customers’ data."
source: "https://www.netlify.com/blog/our-commitment-to-security-transparency/"
last_updated: "2026-07-14T19:43:08.000Z"
---
Vulnerabilities happen. The question is how you respond when they do. At Netlify we are committed to the safety and security of our customers’ data. As a part of that commitment we are passionate about being transparent when it comes to the responsible disclosure of vulnerabilities in the packages that our community uses to build a better web. As a part of our community you can rest assured that we will not only fix vulnerabilities in a timely manner but we will disclose what happened so that we not only improve but our community improves as well.

## Netlify’s commitment to responsible disclosure

The responsible disclosure of vulnerabilities is a key tenant of the Netlify Security Team. In each and every case we will only disclose vulnerabilities that have been fully remediated.

## Netlify’s collaboration with bug bounty researchers

We’re passionate about working with our bug bounty research partners to make the Netlify platform better for everyone. Should a researcher come to us with a vulnerability and we are able to extend what they have found, then we will pay out at the extension amount. If you’re an amazing bug bounty researcher, we want to work with you. Have a look at our [public bug bounty program](https://hackerone.com/netlify/) today.

## What can Netlify customers and the community expect going forward?

If we see something, and it constitutes a Critical or High CVE rating, then you can expect that we will responsibly say something about it. Our goal is that we make our community of amazing developers better through transparent disclosures so that we can make the web a safer place together.

## 48 hour notification policy

Should there be a vulnerability where we do need our customers to take action, you can expect that once we’ve completed our investigation you will be contacted within 48 hours, which is the same as our security incident notification policy. Our goal with this process is two-fold: 1) we’ve verified that our customers and community are no longer vulnerable; 2) we’ve verified that customer(s) and the community were not exploited during the exposure window.

## Responsible disclosure of findings to Netlify

You can help us make the web not only a better place but a safer place as well by responsibly reporting your vulnerability findings through our [public bug bounty program](https://hackerone.com/netlify/).

### Share

-   [X (fka Twitter)](https://twitter.com/intent/tweet?text=Netlify’s commitment to security transparency&url=https://www.netlify.com/blog/our-commitment-to-security-transparency/)
-   [LinkedIn](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.netlify.com%2Fblog%2Four-commitment-to-security-transparency%2F)
-   [Facebook](https://www.facebook.com/sharer.php?u=https://www.netlify.com/blog/our-commitment-to-security-transparency/)
-   [Bluesky](https://bsky.app/intent/compose?text=Netlify’s commitment to security transparency+https://www.netlify.com/blog/our-commitment-to-security-transparency/)

* * *

### Tags

-   [Security](/blog/tags/security/)

## Keep reading

![](/_astro/cfdc437592ee2bf75a62690af707d52533d08063-1600x900_2njoni.webp)

Opinions & Insights May 14, 2026

[

### How we built Netlify Database for AI-native development

](/blog/how-we-built-netlify-database-for-ai-native-development)

-   ![Profile picture of Eduardo Bouças](/_astro/52958f21e8450baf6d8e60302341a984e220c0cd-512x512_13VDlu.webp)
    
    Eduardo Bouças
    

![](/_astro/97a103abeebc73c01640f04a5c7555c1d10469aa-1200x675_Z8E0d4.webp)

Opinions & Insights May 6, 2026

[

### My experience building and deploying a project with Netlify Agent Runners

](/blog/my-experience-building-and-deploying-a-project-with-netlify-agent-runners)

-   ![Profile picture of Conor Martin ](/_astro/d1f759333090a4801940b47bf8701c441c6bd4a4-375x375_Bsg02.webp)
    
    Conor Martin
    

## Recent posts

News & Announcements July 14, 2026

[

### More headroom, a lower per-credit rate, and a bill you can predict: introducing new Pro plan tiers

](/blog/new-pro-plan-tiers)

-   ![Profile picture of Gehrig Kunz](/_astro/b4e9f58d914d1334ea70d53ea55a1f26b26f1445-512x512_17SwOI.webp)
    
    Gehrig Kunz
    

News & Announcements July 13, 2026

[

### Netlify inside of Claude Design

](/blog/netlify-inside-of-claude-design)

-   ![Profile picture of Sean Roberts](/_astro/bbf2243f8171dbddd80ab2103622106cef84d125-512x512_Z1d2LKE.webp)
    
    Sean Roberts
    

News & Announcements June 25, 2026

[

### Netlify Functions, designed for Agent Experience

](/blog/netlify-functions-designed-for-agent-experience)

-   ![Profile picture of Eduardo Bouças](/_astro/52958f21e8450baf6d8e60302341a984e220c0cd-512x512_13VDlu.webp)
    
    Eduardo Bouças
    

![](/_astro/3f255b372fa958df35802666ee33b4609b2d71bd-1200x1586_1VtE2D.webp)

### How do the best dev and marketing teams work together?

[Access the report](https://www.netlify.com/reports/2024-leadership-trend-report/access/)