In accordance with the disclose.io core terms, openx defines the following:

Any vulnerability in the openx repository that either results in an unintended loss of funds or results in grievance for other users of the openx platform are covered under the responsible disclosure program.

Since openx is in its research stage right now, we are unable to provide any rewards.

1. Personal Message to "Varunram" on freenode IRC
2. Preferably Encrypted Email to contact@varunram.com. Our PGP Key fingerprint is C98F 0014 9A99 36E4 E56D 2471 708C 6065 04A4 9970

If you do not receive a reply within one day, please do send a reminder so we can act at the earliest.

We believe in a coordinated disclosure program where vulnerability details may be shared with the public after the vulnerability has been fixed and the program owner has provided permission to disclose or after 90 days from submission, whichever is sooner.

We thank anyone who plans to report a vulnerability in advance and hope to work with you on a fix as soon as possible.