# Reporting Security Issues

The Viaduct team and community take security bugs in Viaduct seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

Any security issues should be submitted directly to the [Airbnb bug bounty program](https://hackerone.com/airbnb). In order to determine whether you are dealing with a security issue, ask yourself these two questions:
Can I access something that's not mine, or something I shouldn't have access to?
Can I disable something for other people?
If the answer to either of those two questions are "yes", then you're probably dealing with a security issue. Note that even if you answer "no" to both questions, you may still be dealing with a security issue, so if you're unsure, please direct questions to our bug bounty program.