25/10/2015
Thanks
Gift
Hall of Fame
Reward

GlobaLeaks

Anonymous whistleblowing can be easy and secure. Unfortunately, no technology is perfect and GlobaLeaks believes that working with skilled security researchers across the globe is crucial in identifying software weaknesses.

While we do our best to provide secure software by default, security vulnerabilities and new attack techniques must be taken into account. If you believe you've found a security issue in the GlobaLeaks framework codebase, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

Scope

Please read it carefully!

  • We're looking for bugs affecting the confidentiality, integrity and availability of our users within the boundaries of the threat model. Examples of software vulnerabilities include, but are not limited to, XSS, CSRF, anonymity or privacy weaknesses, code execution, etc.
  • We're ONLY interested in software vulnerabilities affecting our open source codebase
  • For more details on how to deploy your own GlobaLeaks node, please refer to the GlobaLeaks Installation Guide

Exclusions

While researching, we'd like to ask you to refrain from:

  • Testing any public installations of GlobaLeaks. Security testing should be performed on your local deployment.
  • Testing https://www.globaleaks.org, https://hermescenter.org/ or other assets related to GlobaLeaks. We're not looking for software vulnerabilities or misconfiguration in our institutional sites
  • Spamming
  • Social engineering and phishing of GlobaLeaks staff
  • Any physical attempts against GlobaLeaks property

Disclosure Policy

  • Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue
  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party
  • Avoid public disclosure of previously unknown vulnerabilities. Many organizations rely on GlobaLeaks software, thus we don't want to put any running whistleblowing platform in jeopardy

Bounty Program

We're an open source project, backed by a non-profit association. As a result, we're not in the position to offer a monetary bounty for reports of qualifying security vulnerabilities. To show our appreciation, we will be happy to reward qualifying reports by sending a Hermes Center branded USB key with Tails pre-loaded. In special cases, your submission may qualify for our traditional Italian wine and grappa. Eligibility is at our sole discretion.

Thank you for helping keep GlobaLeaks safe!

FireBounty © 2015-2019
