Reporting Security Concerns

At Method, security is fundamental to everything we build. We value the security community’s contributions and encourage responsible disclosure of potential security vulnerabilities. This page outlines how to report security incidents, vulnerabilities, and general security concerns.

---

Reporting Security Incidents

For routine security issues, you may contact the Method Security team directly by following this process:

1. Compile technical information: Gather as much detail as possible, including:

   • Steps to reproduce the issue
   • Affected systems or components
   • Scope and impact assessment
   • Any logs or evidence

2. Secure communication: For sensitive security matters, please use encrypted communication methods when available.

3. Contact the team: Email security@method.security with your findings. Include the best means of return communication and any relevant technical details.

4. Expected response: Allow up to two (2) business days for initial acknowledgment of your report.

---

Reporting Product Security Vulnerabilities

Method Platform Customers

If you believe you have identified a security vulnerability in the Method Platform:

Primary Contact: Reach out to your Method representative directly. They will surface your concerns to the Method Security team for immediate review and remediation.

Alternative Contact: You may report vulnerabilities directly to the Method Security team by emailing security@method.security with:

• A detailed description of the vulnerability
• Steps to reproduce the issue
• Potential impact assessment
• Any proof-of-concept code (if applicable)

Security Researchers

Method is committed to working with security researchers and the broader security community to identify and address potential vulnerabilities. We welcome responsible disclosure and follow industry best practices for vulnerability management.

To report a potential security issue or vulnerability in our platform:

1. Compile detailed information:

   • Full description of the vulnerability
   • Steps to reproduce and validate
   • Affected components or versions
   • Proof-of-concept (if available)
   • Potential impact and severity assessment

2. Report the vulnerability:

   • Email security@method.security with your findings
   • Use “Security Vulnerability Report” in the subject line
   • Include your preferred contact method for follow-up

3. Expected timeline:

   • Initial acknowledgment within two (2) business days
   • Regular updates on remediation progress
   • Coordinated disclosure timeline upon fix deployment

Responsible Disclosure Guidelines

We ask that security researchers:

• Act in good faith: Avoid violating privacy, destroying data, or disrupting Method services
• Provide reasonable time: Allow Method adequate time to investigate and remediate before public disclosure
• Avoid social engineering: Do not target Method employees, contractors, or customers
• Keep it confidential: Do not publicly disclose the vulnerability until we’ve had adequate time to address it

We commit to:

• Acknowledge your report promptly
• Keep you informed throughout the remediation process
• Work with you on responsible disclosure timelines

---

Security Concerns and Questions

Your Method representative is available to discuss any security questions or concerns you may have regarding the Method Platform. For matters that require security team expertise, they will coordinate conversations with Method’s Security staff.

General Security Questions: Contact your Method representative or email security@method.security

Security Documentation: Refer to our platform security documentation for information about:

• Security architecture and design principles
• Data protection and encryption
• Access control and authentication
• Compliance and certifications
• Security monitoring and incident response