Responsible Disclosure

The integrity and safety of our customers' data is our top priority. We go to great lengths to provide a safe environment, but we are not so naïve as to think our systems are bulletproof. There may be instances where security flaws exist in our systems.

General eligibility

  • The security bug must be original and previously unreported.
  • You should use your best effort not to access, modify, delete, or store User Data.
  • Lack of clickjacking protection (XFO, CSP) is insufficient to claim a bounty.
  • No sites or subdomains other than those listed in the table below are eligible for a bounty.

Scope

Bug classification               demo.kaddio.com   call.kaddio.com   kaddio.com
Remote Code Execution            $30               $20               HoF (Hall of Fame)
Unauthorised Data Access         $30               $20               HoF
Authentication Bypass            $30               $20               HoF
Database Injection               $30               HoF               HoF
Domain Takeovers                 $20               $20               $20
Vulnerabilities with encryption  $20               $20               HoF

Exclusions

  • Social engineering attacks (phishing)
  • Spam and flaws related to DKIM, SPF or DMARC
  • Denial-of-service attacks
  • Rate limiting issues

We will investigate all reports and keep you in the loop. As a small company we cannot provide much of a bug bounty, although we will mention you on our HoF page. When you're disclosing an issue, please include your name, the type of bug, a proof of concept and the domain. If you've discovered a vulnerability in our systems, we encourage you to help us improve by reporting it to vulnerability@kaddio.com

Kaddio Responsible Disclosure
May 20, 2019

Kaddio Security Researcher Hall of Fame

Date            Researcher
2019, June      Tarun Mahour - Abhaychandra Chede
2019, January   Sameer Phad
2018, August    Vipul Zilpelwar
2018, July      Ismail Tasdelen
2018, July      k.karthickumar - Cisco Systems Chennai
2018, June      Maulik Vaidh, @Maulik1827
2018, May       Jineesh Ak