We created GlassWire to help everyday users protect their devices and privacy by monitoring their network activity . The security, data, and privacy of our GlassWire users is our priority. We hope HackerOne will help security researchers report GlassWire software vulnerabilities to us.

Reporting a vulnerability in the GlassWire desktop or mobile software

We will try to review all reported vulnerabilities within 10 business days to see if they qualify for HackerOne recognition. Vulnerability reports require a proof of concept and detailed information on how the vulnerability can cause GlassWire to be misused.

Please use the following guidelines:

• We are mainly seeking vulnerabilities in our software (mobile and desktop).

• Check for network parser vulnerabilities.

• Check for vulnerabilities using fuzzing and binary analysis.

• Go to GlassWire settings/server to review its remote access security.

• *.glasswire.com minus exclusions below.

• Please include detailed instructions on the vulnerability so we can try to reproduce the issue.

• Please do not disclose the issue until it has been fixed by GlassWire.

• Do not disrupt services for users.

• Do not violate the privacy of users or modify their data.

Scope Exclusions

• Physical attacks

• DDOS, DOS, or Brute Force attacks

• Social Engineering

• Wordpress/Discourse vulnerabilities

• forum.glasswire.com uses Discourse third party software

• blog.glasswire.com hosted by Wordpress.com

• store. and other shopping pages hosted by our billing company

• Vulnerabilities on third party sites

• Password complexity reports

• Cracks

• Software that we do not make or have any control over that falsely claims to be GlassWire

• Mailchimp forms

• Reports about DLL hijacking without demonstrating how it gains new privileges.

• Windows 7 is no longer supported by Microsoft. Please only give Windows 10 examples if possible.

Rewards

We now offer paid bounties for vulnerabilities in our Windows desktop software or mobile software. GlassWire does not offer bug bounties related to our website unless the vulnerability is serious and has real security implications for our users.