Vulnerability Disclosure Policy for Security Researchers

MathWorks takes security seriously. If you believe you have discovered a security vulnerability in MathWorks products or services, we appreciate your disclosing it to MathWorks.

How to Report a Vulnerability

Please contact us at: product-security@mathworks.com. If needed, you may encrypt your communications using our PGP key.

What to Include in Your Report

Please provide as much information as possible to help us validate and reproduce the issue, including:

  • Products and versions affected, or URL if the issue relates to an online service
  • A description of the technical details of the vulnerability
  • Step-by-step instructions to reproduce the issue (including screenshots for each step or a screen recording, where appropriate)
  • An explanation of how the vulnerability may be exploited, including realistic attack scenarios and potential impact
  • Any relevant configuration or environment details (e.g., OS, browser, settings, authentication state, or network context)
  • Whether the vulnerability is public or known to third parties; if so, please provide details

Submission Requirements

MathWorks requires that all vulnerability reports submitted contain clear, actionable, and original analysis specific to MathWorks products or services. Reports should include sufficient detail to enable validation and reproduction. Reports that do not demonstrate a clear understanding of the issue, lack product-specific context, or do not provide actionable reproduction details will not be considered.

MathWorks does not accept submissions that consist primarily of generic, low-effort, or automatically generated content that is not tailored to MathWorks products or services. Submissions must reflect meaningful original analysis. Reports failing to meet these requirements may be rejected without further investigation.

Vulnerability reports must be submitted through a single channel. Duplicate submissions across programs will not be considered and may impact eligibility for bug bounty participation.

Disclosure Program Notice

MathWorks does not provide monetary compensation for submissions made through this Vulnerability Disclosure Policy (VDP).

MathWorks operates a separate public bug bounty program through Bugcrowd, where submissions may qualify for monetary rewards in accordance with program scope, eligibility criteria, and Bugcrowd terms. The MathWorks Bugcrowd program is available here: https://bugcrowd.com/engagements/matlab-online. MathWorks also operates a private, invite-only bug bounty program through Bugcrowd. If you wish to participate in this program, please contact us at product-security@mathworks.com to indicate your interest. Participation in the bug bounty programs is subject to program requirements and acceptance criteria.