Certinia (formerly FinancialForce)

No technology is perfect and Certinia believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. We are excited for you to participate as a security researcher to help us identify vulnerabilities in our web applications. Good luck, and happy hunting!

---

Our team cares deeply about security, and we recognize that community-driven security research is the best way to help us keep us and our customers secure.

If you have found a vulnerability in our systems, please follow the guidelines below and send it our way.

Happy hunting!

---

Ratings/Rewards:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

---

Testing is only authorized on the targets listed as In-Scope. Any domain/property of Certinia not listed in the targets section is out of scope. This includes any/all subdomains not listed above. IF you happen to identify a security vulnerability on a target that is not in-scope, but that demonstrably belongs to Certinia, it may be reported to this program, and is appreciated - but will ultimately be marked as ‘not applicable’ and will not be eligible for monetary or points-based compensation.