Bug Bounty Program
We take security seriously.
If you believe you’ve discovered a security vulnerability in our platform, software, or services, please report it directly to us. Rewards for our bug bounty program are offered based on the severity of the vulnerability.
How to Disclose a Security Vulnerability
If you discover a security vulnerability on our platform, please send an email to [email protected] to make your disclosure. Once submitted, a member of our development team will follow up with you regarding the issue shortly.
Program Eligibility
Please ensure you understand our bug bounty program rules and scope before submitting your disclosure.
To be eligible to participate in our bug bounty program, you must follow our program rules:
- The vulnerability must be original, previously unreported, and not currently under investigation by our team.
- Participants must avoid any actions that could harm GridPane or its customers.
- Participants must keep all discovered vulnerabilities confidential and not share them with third parties.
- Participants must not attempt to access any data or information that is not their own.
- Participants must not attempt to access any data or information that does not belong to them.
- Participants must not publicly reveal or report any vulnerability until GridPane has had sufficient time to address the issue.
- Proof of concept (PoC) is a requirement when submitting a report.
- Only security vulnerabilities are eligible for a reward.
Please follow these rules to ensure your eligibility for this program.
Our platform dashboard (my.gridpane.com) and our server stacks are within the scope of our bug bounty program.
This program is open to security researchers and ethical hackers. Both the seriousness of the vulnerability and the quality of your submitted report will affect the reward, which is at our sole discretion.
You are not automatically eligible for a reward just because you submit a bug report.
Reports generated by automated tools are not eligible for this program.