NOW TV and Responsible Disclosure
At NOW TV and Sky, we recognise the important contribution of the security research community. If you believe you’ve found a security issue and would like to tell us about it, here’s how to report it.
What kind of things should I report?Please only report security issues such as (but not limited to):
- XSS, XXE, CSRF, SQLi, Local or Remote File Inclusion
- Authentication issues
- Remote code execution
- Authorisation issues and privilege escalation.
Please don't include any NOW TV internal data with your report.
If you have any concerns about privacy or data protection, please see the Contacting Sky section of our Privacy notice.
If you're having any problems with your NOW TV services (including accessing your account), get in touch.
How do I submit a report?
Please submit your report by emailing Responsible.Disclosure@Sky.eu and include as much of the following information as you can:
- Your name
- Contact details
- Issue type
- Affected product/service and associated URL
- Details of the attack scenario
- Steps to reproduce
- Number of people impacted (e.g. 0–100, 100–1000)
- Confirmation as to whether this issue is known to anyone other than you
- Related sources (e.g. Twitter feeds, forum posts).
By submitting a report to Sky, you agree to keep the subject matter of the report, as well as all subsequent related conversations with Sky, strictly confidential. This is so that we have the opportunity to investigate and take action as needed.
What happens next?
We want to ensure that our services continue to be as secure as possible, so we’ll review your report quickly. Once you’ve submitted it you’ll get an email from Sky confirming receipt and the next steps.
If you have any questions about Responsible Disclosure at NOW TV and Sky, please contact Responsible.Disclosure@Sky.eu.