The security of our members’ data is a top priority at Bulb. If you’re a security researcher and have discovered a security vulnerability, we encourage you to disclose this to our security team.

Bulb does not currently offer bug bounties. But we’re happy to send you company merchandise if you report something we can reproduce and don’t already know about.

How to report a vulnerability

If you have discovered a security vulnerability anywhere in our service you can email us at securityteam@bulb.co.uk. Our PGP key for reports is at the bottom of this page.

Please do not:

  • send security vulnerability information through Bulb customer service channels

  • disclose the vulnerability information reported to Bulb to any other third party without our explicit permission

We ask reporters to follow these recognised rules for disclosure.

What you can expect from us

We will try to read and respond to all messages within 24 hours. We may ask for more information, especially if we can’t reproduce your finding. Then we’ll triage the vulnerability and, if necessary, assign it to the right Bulb team or supplier. When remediation work is necessary and scheduled we will notify you. And we’ll attempt to fix vulnerabilities we designate as high or critical within 30 days.

When testing, do not:

  • disrupt our systems or service

  • access any data that doesn’t belong to you

  • use invasive or destructive scanning tools

  • violate the privacy of our members or staff

  • attempt to socially engineer our staff

  • probe systems run by third parties, even if they’re used by Bulb

Our PGP Key
