Security Policy

Cybersecurity researchers and hackers are welcome!

Had it not been for the cybersecurity researchers, my lab would not be this strong.

Security Policy - Summary

We reward cybersecurity researchers' responsible disclosures on a first-reported basis, only if they meet the strict eligibility criteria. Please read the full policy below.

Security Policy - Full

This Security Policy covers all of our websites and web applications. This website is operated by its developer ("we" or "us").

Introduction

Security is core to our values, and we value the input of hackers acting in good-faith to help us maintain a high standard for the security and privacy of our users. This includes encouraging responsible vulnerability research and disclosure. This policy sets out our definition of good-faith in the context of finding and reporting vulnerabilities, as well as what you can expect from us in return.

SCOPE: Eligible cybersecurity research submissions

Only the following submissions are eligible for a reward.

OUT-OF-SCOPE: Submissions that are not eligible for a reward

Anything that is not explicitly identified in the Eligibility section would be ineligible. The following are explicitly prohibited.

GROUND RULES

To encourage vulnerability research and to avoid any confusion between legitimate research and malicious attacks, we ask that you attempt, in good faith, to:

Safe Harbor

When conducting vulnerability research according to this policy, we consider this research conducted under this policy to be:

You are expected, as always, to comply with all applicable laws. If legal action is initiated by a third party against you and you have complied with this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please submit a report through one of our Official Channels before going any further.

Other conditions

All cybersecurity researchers are normally eligible for a reward, with the following conditions.

How to claim your bug bounty

This part is easy. Email us (a) the proof of eligibility, (b) steps to reproduce, and (c) optionally - recommended remedy. Upon verification, we will reply to your email. Please give us two weeks for this verification process. Longer time may be required for particularly complex attacks. Please do not make any public disclosure without prior written permission.

Changes

The Security Policy may be updated from time to time, so please check back on a regular basis for any changes. The last modification date of this document is shown at the bottom of this page.

Last update: 9 May 2023