We appreciate all security concerns brought forth and are constantly striving to keep on top of the latest threats. Being proactive rather than reactive to emerging security issues is a fundamental belief at InVision. Every day new security issues and attack vectors are created. InVision strives to keep abreast on the latest state-of-the-art security developments by working with security researchers and companies. We appreciate the community's efforts in creating a more secure world!
We update the application as often as weekly, so please check back for new functionality!
- Review our Release Notes for more information but please note this may not be comprehensive of all changes that impact your research as it is written for customers.
InVision also believes in providing an Open Scope for the researcher community
- This program's scope covers our most important product features and offers our highest rewards but our extended scope can be found on the InVision Program
- Production is Out-of-Scope We will deduct points for research on our production site, as we ask that you limit your research to the testing environments listed below.
- Findings outside of the scope will be reviewed for impact but determination of rewards, points based or monetary, will be at the discretion of the InVision team.
For the month of February 2022, InVision is offering "double the base rewards" for reports specific to Freehand.
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.
Scope and rewards
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email email@example.com. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.