We take security very seriously. Since this is a browser extension which has access to the extension API's and because it's a developer focused extension it's extremely important to make sure no confidential/sensitive data ever leaves or is collected by the extension.

We have 2 versions of the extension that exist in the chrome web store, a beta and a stable build. Any security related issues if present in both will be patched to both.

To report a vulnerability directly contact Jon McLaren OR Submit an email explaining the vulnerability to hubspot-developer-extension@googlegroups.com. This will go to the core group of maintainers.

This extension is maintained by volunteers - that said response time can vary. We will make every effort to respond quickly. If the vulnerability is a true vulnerability we will create a hidden branch and discussion thread for resolving this issue, push the update to the chrome web store as soon as possible.

As this is a volunteer driven project with no finances we're sorry we can't offer any financial reward. We will however give full credit to you for discovering the hole, and you will be allowed to publish details on the exploit. We do ask however that you do not publish prior to the security hole being patched in the chrome web store + 1 day(to give chrome time to push the update). Publishing early will put all of the users at risk.

If you feel during any step of the way that there is an issue in our process feel free to let Jon McLaren know. We are open to improving it.