Vulnerability Disclosure

The Canada Goose Information Security Team accepts reports of potential security vulnerabilities that may provide an attacker with the ability to compromise the integrity, availability, or confidentiality of Canada Goose digital services or information technology infrastructure.

If you believe you’ve found a qualifying security vulnerability, please contact vulnerabilitydisclosure@canadagoose.com. You will receive an email containing an invite to set up an account with a third-party, HackerOne, where you can find more information on our submission guidelines and be able to submit a report.

Note: your activity on HackerOne will be governed by HackerOne’s privacy policy and other terms, which can be accessed here.

We appreciate all reports but may not be able to share specific investigative steps or resolutions with you.