Security is a top priority at Tyler. We appreciate and value our clients and partners as well as the security research community — those who cooperate with us to proactively and responsibly disclose security vulnerabilities so patches can be made available. If you discover a vulnerability, please report it using the information below.
Reporting a Security Vulnerability
Data & Insights Clients or Users
Report via the Data & Insights bug bounty program.
All Other Tyler Clients
Submit a support ticket through the Customer Support Portal for any suspected security vulnerabilities in a Tyler product, service, or system.
Partners or Other Third Parties
Email findings to firstname.lastname@example.org.
Guidelines for Reporting
For the protection of our clients and our own systems and infrastructure, Tyler does not disclose or discuss security issues until our internal research is complete and any necessary patches are available. We ask that all who report comply with the following guidelines when reporting a vulnerability:
- Allow Tyler an opportunity to address a vulnerability within a reasonable time period
- Do not publicly share information about the vulnerability prior to updates being available
- Make a good faith effort to avoid privacy violations and destruction, interruption, or segregation of Tyler services or applications
- Do not freely exploit, modify, or destroy data that does not belong to you
Tyler’s application security team is responsible for triaging and managing product related vulnerability reports, which includes confirming the vulnerability, assigning risk and impact, working with development on a fix, testing and releasing the fix, and communicating to clients. We are committed to working with those who report issues via these guidelines, and we aim to quickly resolve any issues (confirming the report within one week of submission).