Please email [email protected] to report any security vulnerabilities. We will acknowledge receipt of your vulnerability report the next business day and strive to send you regular updates about our progress. If you're curious about the status of your disclosure please feel free to email us again. Please refrain from requesting compensation for reporting vulnerabilities.
When a vulnerability is suspected or discovered we create a confidential issue to track it internally. Security patches are pushed to tenthousandcoffees.com as soon as a fix is available.
If you want to conduct red teaming against Ten Thousand Coffees you will need written permission upfront. You can apply by emailing [email protected] your plans and experience. You need to get a written authorization letter from our Chief Technology Officer. While you are engaged in red teaming activities you should coordinate with the Ten Thousand Coffees Engineering Team so escalation (law enforcement, etc.) can be avoided.
When a security vulnerability in some 3rd party product is discovered by Ten Thousand Coffees team members the following disclosure guideline should apply: