Palo Alto Software
Palo Alto Software Vulnerability Disclosure Policy
==================================================
We take the security of our systems and our user’s data very seriously. If you believe you have found a security vulnerability in our systems we’d love to hear from you!
Program rules
You must make every effort to avoid the following during your research:
privacy violations
degradation of user experience
disruption to production systems
destruction of data
You must keep information about any vulnerabilities you’ve discovered confidential between yourself and Palo Alto Software until we’ve had 90 days to respond
You must follow HackerOne's disclosure guidelines.
We will do our part to respond as quickly as we’re able and to be as transparent as possible during the process. We appreciate your effort and want to make our applications as secure as possible.
If you sign up for any account on our systems (particularly for LivePlan or Outpost) specifically to test for security vulnerabilities, please use your @wearehackerone.com email alias (https://docs.hackerone.com/hackers/hacker-email-alias.html) so we can exclude you from labor intensive sales follow-up and from our conversion metrics.
Program Scope
The following websites and applications are in scope
app.liveplan.com
Program Exclusions
Social engineering or phishing attacks
Denial of service
Physical attacks against Palo Alto Software offices or employees
Issues found through automated testing
Any issues related to EmailCenterPro or found on any *.emailcenterpro.com site
Issues in outdated or obscure browsers (including IE 11, which we no longer support)
How to report your findings?
Please use our submission form at HackerOne to submit the vulnerability you’ve found. You may also email us at security@paloalto.com
Safe Harbor
We will not pursue a civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy.
If legal action is initiated by a third party against you and you have complied with Palo Alto Software’s vulnerability disclosure policy, Palo Alto Software will take steps to make it known that your actions were conducted in compliance with this policy.
| Scope Type | Scope Name |
|---|---|
| web_application | app.liveplan.com |
| web_application | www.liveplan.com |
| web_application | www.paloalto.com |
| web_application | www.mplans.com |
| web_application | www.bplans.com |
| Scope Type | Scope Name |
|---|---|
| web_application | www.teamoutpost.com |
| web_application | www.outpost.co |
| web_application | api.outpost.co |
| web_application | app.outpost.co |
This program have been found on Hackerone on 2019-12-21.
FireBounty © 2015-2024
