Responsible Disclosure Policy:
This page is for security researchers interested in reporting application security vulnerabilities.
If you have reported an issue determined to be within program scope, is determined to be a valid security issue, and you have followed program guidelines, ResponsibleDisclosure.com will recognize your finding and you will be allowed to disclose the vulnerability after a fix has been issued. Please refer all questions to ResponsibleDisclosure.com portal.
Typical Vulnerabilities Accepted:
- OWASP Top 10 vulnerability categories
- Infrastructure vulnerabilities
- Other vulnerabilities with demonstrated impact
Typical Out of Scope:
- Theoretical vulnerabilities
- Informational disclosure of non-sensitive data
- Low impact session management issues
- Self XSS (user defined payload)
For a full list of program scope please visit the Responsible Disclosure details page.
Responsible Disclosure Guidelines:
- Adhere to all legal terms and conditions outlined at responsibledisclosure.com
- Work directly with ResponsibleDisclosure.com on vulnerability submissions
- Provide detailed description of a proof of concept to detail reproduction of vulnerabilities
- Do not engage in disruptive testing like DOS or any action that could impact the confidentiality, integrity or availability of information and systems
- Do not engage in social engineering or phishing of customers or employees
- Do not request compensation for time and materials or vulnerabilities discovered