Reporting Security Vulnerabilities
Ensuring the security and integrity of the Twilio platform is critical to the service we provide to you. We are committed to providing a secure product and appreciate your help in responsibly identifying ways for us to improve Twilio. To that end, Twilio accepts vulnerability reports from all sources such as independent security researchers, industry partners, vendors, customers, and consultants.
The Twilio security disclosure program provides two ways to report vulnerabilities in Twilio applications and online services. One way is through the Twilio Vulnerability Disclosure Program. Anyone can report vulnerabilities through this program, even if you don't meet our Twilio Bug Bounty Program requirements. To submit a vulnerability through the Vulnerability Disclosure Program, visit the Twilio Vulnerability Disclosure Program page. Though this program doesn't offer monetary rewards, we appreciate your contributions.
Twilio partners with the global security research community to identify and respond to vulnerabilities. Researchers can earn rewards for reporting vulnerabilities to us through this program. To participate in our bug bounty program, sign up on the HackerOne platform and accept the Twilio Terms of Service.
Finally, to report any SendGrid service-specific abuse, please go to our spam/phishing reporting page. For all inquiries and document requests regarding Twilio security, check out our Twilio and Twilio Segment Trust Centers.