We welcome whitehat security researchers and will gratefully receive reports of suspected security problems.
We ask you to refrain from the following:
We don’t offer bug bounties. However we acknowledge contributions here on our site.
Only the first researcher to report a specific qualifying issue is eligible for acknowledgement. Whether or not an issue is a qualifying issue, as well as eligibility for acknowledgement, are decisions taken by us in our discretion. We reserve the right to cancel this program at any time without notice.
In order to qualify for acknowledgement, please follow these guidelines when reporting issues:
Report security issues via our security email address. The address is firstname.lastname@example.org.
Do not use automated scripts/tools without prior approval and scheduling. We understand the value of automated vulnerability detection scripts and software, but we ask you not to run automated scans of any kind without scheduling it with us in advance.
Expect a followup within 24 hours on business days. We do our best to respond quickly. We take every report seriously, and if you don’t hear back promptly, it doesn’t meant that we’re ignoring it. It means that we didn’t receive it. If you don’t hear back within 24 hours on a business day, please drop us a reminder via our support email address, and we’ll make sure that it hasn’t slipped through the cracks.
Only test Feature Upvote systems. Systems hosted by third parties do not qualify for acknowledgement.
Provide steps to reproduce the problem in our systems. Providing generic background information about a class of vulnerability without specific details about how our systems are vulnerable does not qualify for acknowledgement.
Please do not share your research or findings publicly until we’ve had time to research and release a fix for the problem.
Report security vulnerabilities to email@example.com. Once we’ve received your email, we’ll work with you to make sure that we completely understand the scope of the problem and keep you informed as we work on the solution.
We appreciate your help to find and resolve security issues responsibly. The following have worked to help us keep Feature Upvote safe and secure for everyone. Thank you.