Responsible Disclosure Policy:

This page is for security researchers interested in reporting application security vulnerabilities.

If you have reported an issue that's within program scope, is found to be a valid security issue, and you have followed program guidelines, ResponsibleDisclosure.com will recognise your finding and you will be allowed to disclose the vulnerability after a fix has been issued. Please refer all questions to responsibledisclosure.com.

Typical Vulnerabilities Accepted:

• OWASP Top 10 vulnerability categories
• Other vulnerabilities with demonstrated impact

Typical Out of Scope:

• Theoretical vulnerabilities
• Informational disclosure of non-sensitive data
• Low impact session management issues
• Self XSS (user defined payload)

For a full list of program scope please visit the Responsible Disclosure details page

Responsible Disclosure Guidelines:

• Adhere to all legal terms and conditions outlined at responsibledisclosure.com
• Work directly with ResponsibleDisclosure.com on vulnerability submissions
• Provide detailed description of a proof of concept to detail reproduction of vulnerabilities
• Do not engage in disruptive testing like DoS or any action that could impact the confidentiality, integrity or availability of information and systems
• Do not engage in social engineering or phishing of customers or employees
• Do not request compensation for time and materials or vulnerabilities discovered