Postman has aimed to ease the life of developers working with APIs since its inception and has worked hard to bring the best API development tool to millions of developers around the world. Developing a GUI-driven API Development Environment is a consuming affair, and our small team works hard to bring you the best tool, with security as a high priority.
We appreciate the efforts of everybody towards making Postman a secure tool to work with. If you believe you’ve found a security issue in our product or service, we encourage you to notify us. We will work with you to resolve the issue promptly.
Important: Non-security bugs, general best-practice violations, and queries about problems with your account (this includes password problems, suspected fraud and account abuse issues) should instead be directed here. This ensures that we can reach out to you efficiently.
For Postman to be able to effectively address and resolve the security issues, the security report must contain information pertaining to the impact of the vulnerability under realistic scenarios without needing to actually exploit the vulnerability.
We spend time analysing every vulnerability that is reported. However, being a small team, we need to set some eligibility criteria to make the process manageable.
Because Postman is a developer tool, certain aspects of the product or service might superficially appear vulnerable. However, care is taken to address them using other means. In addition, certain classes of vulnerabilities are considered low-impact owing to the development stage of the service.
We believe in recognizing the work of others. If your work helps us improve the security of our website, we'd be happy to acknowledge your work in our Hall of Fame as well as by sharing swag.
Thank you for helping keep Postman and our users safe!