We require that all researchers:
- Make a every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing
- Perform research only within the scope set out below
- Use the identified communication channels to report vulnerability information to us
- Use your @bugcrowdninja email when testing
Thank you for participating, it is your work that will help to keep us secure.
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.
Scope and rewards
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email firstname.lastname@example.org. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.