The Marriott Group, which includes Marriott International, Inc., Starwood Hotels & Resorts Worldwide, LLC, and their affiliates (collectively, Marriott) takes cybersecurity seriously. Marriott has launched a vulnerability response program, using the HackerOne platform. The responsible disclosure of potential vulnerabilities by this community helps us to ensure the security and privacy of our customers and data.
Except as modified by these terms of Marriott’s vulnerability response program, the HackerOne disclosure guidelines __apply to your participation in Marriott’s vulnerability response program. By submitting a potential vulnerability report (Submission), you acknowledge that you have read and agreed to the terms of Marriott’s program (Program Terms). Marriott may revise the Program Terms or terminate the vulnerability response program at any time. Marriott’s vulnerability disclosure program intakes bugs discovered by members of the cyber security community. Researcher’s identities and vulnerability details are not disclosed.
Unless Marriott provides you with written consent to share information, all information regarding a Submission must be kept confidential and may not be shared in any way outside of the Marriott program, including discussions related to our program or any vulnerabilities (even if resolved).
For the avoidance of doubt, the following activities are expressly prohibited:
Marriott reserves all rights and potential claims with respect to any such prohibited activities.
We take every Submission seriously and very much appreciate the efforts of security researchers, who regularly make valuable contributions to the security of companies like Marriott and the broader Internet community. We will investigate every Submission and strive to ensure that appropriate steps are taken to resolve reported vulnerabilities as quickly as possible.
Marriott will use its best efforts to meet the following service level agreements (SLAs) for researchers participating in our program:
• Time to first response (from report submit date) = 5 business days
• Time to triage (from report submit date) = 10 business days
• Resolution = Depends on complexity and severity
Researchers will be kept informed about our progress throughout the process.
Thank you for helping to protect Marriott’s systems and customers.
|Scope Type||Scope Name|
Firebounty have crawled on 2020-02-04 the programe Marriott Vulnerability Disclosure Program on the platform Hackerone.