Responsible Disclosure & Bug Bounty
Vulnerabilities & Bugs
At Accredible we take security very seriously. If you believe that you have found a security vulnerability on Accredible, we encourage you to let us know straight away. We will investigate all legitimate reports and do our best to quickly fix the problem.
We have given out rewards for reported bugs and vulnerabilities but these are discretionary and provided on a case by case basis.
We ask that:
- You give us reasonable time to investigate and mitigate an issue that you report before making any information about the report public or sharing such information with others.
- You make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) destruction of data and interruption or degradation of our services.
- You do not exploit a security issue that you discover for any reason.
- You do not violate any other applicable laws or regulations.
- You do not send us reports of trivial or well known issues (such as XML-RPC or Clickjacking (X-Frame-Options)).
Please send all reports to: firstname.lastname@example.org. Please note that we receive a high volume of reports, therefore we can only reply to the first reporter of a significant issue. Any reward payments will be made by PayPal, so please do not submit a report with an expectation of payment unless you can accept PayPal.