The integrity and safety of our customers' data is a top priority for us. We go to great lengths to provide a safe environment, but we are not so naïve as to think our systems are bulletproof. There may be instances where security flaws exist in our systems.
- The security bug must be original and previously unreported.
- You should use your best effort not to access, modify, delete, or store User Data
- Lack of clickjacking protection (XFO, CSP) is insufficient to claim a bounty
- No sites or subdomains other than those listed in the table below are eligible for a bounty
|Remote Code Execution||$30||$20||HoF (Hall of Fame)|
|Unauthorised Data Access||$30||$20||HoF|
|Vulnerabilities with encryption||$20||$20||HoF|
- Social engineering attacks (phishing)
- Spam and flaws related to DKIM, SPF or DMARC
- Denial-of-service attacks
- Rate limiting issues
We will investigate all reports and keep you in the loop. As a small company we cannot provide much of a Bug Bounty, although we will mention you on our HoF page. When you're disclosing an issue, please include your name, the type of bug, a proof of concept and the domain. If you've discovered a vulnerability in our systems, we encourage you to help us improve: email@example.com
Kaddio Responsible Disclosure
May 20, 2019