NOW and Responsible Disclosure

At NOW and Sky, we recognise the important contribution of the security research community. If you believe you’ve found a security issue and would like to tell us about it, here’s how to report it.

What kind of things should I report?

Please only report security issues such as (but not limited to): 
  • XSS, XXE, CSRF, SQLi, Local or Remote File Inclusion
  • Authentication issues
  • Remote code execution
  • Authorisation issues and privilege escalation. 

Please don't include any NOW internal data with your report.

If you have any concerns about privacy or data protection, please see the Contacting Sky section of our Privacy notice

If you're having any problems with your NOW services (including accessing your account), get in touch


How do I submit a report?

Just click the button below to submit your report via Bugcrowd. (If you don't already have a Bugcrowd account, you'll need to create one before you can submit your report.)

By submitting a report to Sky, you agree to keep the subject matter of the report, as well as all subsequent related conversations with Sky, strictly confidential. This is so that we have the opportunity to investigate and take action as needed.

Submit a report

If you have any problems submitting your security report directly on the Bugcrowd VDP page, you can use our online form instead.


What happens next?

We want to ensure that our services continue to be as secure as possible, so we’ll review your report quickly. Once you’ve submitted it you’ll get an email from Sky confirming receipt and the next steps.  

Did you find this helpful?