52235 policies in database
Link to program      
2019-12-21
2020-02-21
Palo Alto Software logo
Thank
Gift
HOF
Reward

Palo Alto Software

Palo Alto Software Vulnerability Disclosure Policy

==================================================

We take the security of our systems and our user’s data very seriously. If you believe you have found a security vulnerability in our systems we’d love to hear from you!

Program rules


You must make every effort to avoid the following during your research:

  • privacy violations

  • degradation of user experience

  • disruption to production systems

  • destruction of data

  • You must keep information about any vulnerabilities you’ve discovered confidential between yourself and Palo Alto Software until we’ve had 90 days to respond

  • You must follow HackerOne's disclosure guidelines.

We will do our part to respond as quickly as we’re able and to be as transparent as possible during the process. We appreciate your effort and want to make our applications as secure as possible.

If you sign up for any account on our systems (particularly for LivePlan or Outpost) specifically to test for security vulnerabilities, please use your @wearehackerone.com email alias (https://docs.hackerone.com/hackers/hacker-email-alias.html) so we can exclude you from labor intensive sales follow-up and from our conversion metrics.

Program Scope


The following websites and applications are in scope

Program Exclusions


  • Social engineering or phishing attacks

  • Denial of service

  • Physical attacks against Palo Alto Software offices or employees

  • Issues found through automated testing

  • Any issues related to EmailCenterPro or found on any *.emailcenterpro.com site

  • Issues in outdated or obscure browsers (including IE 11, which we no longer support)

How to report your findings?


Please use our submission form at HackerOne to submit the vulnerability you’ve found. You may also email us at security@paloalto.com

Safe Harbor


We will not pursue a civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy.

If legal action is initiated by a third party against you and you have complied with Palo Alto Software’s vulnerability disclosure policy, Palo Alto Software will take steps to make it known that your actions were conducted in compliance with this policy.

In Scope

Scope Type Scope Name
web_application

app.liveplan.com

web_application

www.liveplan.com

web_application

www.paloalto.com

web_application

www.mplans.com

web_application

www.bplans.com

Out of Scope

Scope Type Scope Name
web_application

www.teamoutpost.com

web_application

www.outpost.co

web_application

api.outpost.co

web_application

app.outpost.co


This program have been found on Hackerone on 2019-12-21.

FireBounty © 2015-2024

Legal notices | Privacy policy