> ## Documentation Index > Fetch the complete documentation index at: https://docs.levelblue.com/llms.txt > Use this file to discover all available pages before exploring further. # How to Submit a Security Issue to LevelBlue AT\&T is always working to improve the security of our products. You, the LevelBlue community, aid our ability to deliver secure software for our customers by informing us of security issues — so thank you! Have you discovered a security vulnerability? Disclose it to us through the [AT\&T Bug Bounty Program](https://hackerone.com/att) managed by HackerOne. You can find detailed information of program guidelines, program exclusions, program terms and conditions, reporting process, and awarding process on this page. ## What Vulnerability Information Are We Looking For? When submitting an issue, please provide a technical description that allows us to assess exploitability and impact of the issue, and include the following where appropriate: * Provide steps and any additional information we may need to reproduce the issue. * If you are reporting cross-site scripting (XSS), your exploit should at least pop up an alert in the browser. It is much better if the XSS exploit shows the user's authentication cookie. * For a cross-site request forgery (CSRF), use a proper CSRF case when a third party causes the logged-in victim to perform an action. * For a SQL injection, we want to see the exploit extracting database data, not just producing an error message. * HTTP request / response captures or simply packet captures are also very useful to us. Please refrain from sending us links to non-LevelBlue websites, or issues in PDF / DOC / EXE files. Image files are OK. Make sure the bug is exploitable by someone other than the user ("self-XSS"). We are unable to respond to generic scanner reports. If you have had a security practitioner examine a generic scan report and they have isolated specific vulnerabilities that need to be addressed, we request that you report them individually.