Here at Files.com, we celebrate security and we encourage independent security researchers to help us keep our products secure.
We offer a Security Bug Bounty Program (the "Program") to create an incentive and reward structure so that researchers are able to devote resources to working on Files.com.
We will pay $100 to $10,000, at our discretion, to any researcher who discovers a significant security vulnerability in Files.com. We pay quickly and fairly, every time, as long as you follow our rules.
If you've found a vulnerability or would like to perform security research against Files.com, please read through the rules below.
We want to know about anything about our platform that poses a significant security vulnerability to either us or our customers.
These can include:
On the marketing site asset (https://www.files.com) we are looking for vulnerabilities that lead to a vulnerability on the actual *.files.com platform.
To participate in our program, you must create a trial account on our platform by navigating to Files.com and clicking the button to start a Free Trial. That Trial sign-up process will create the 'your-assigned-subdomain.files.com' URL to be used for testing.
VERY IMPORTANT: Your account must include the phrase "[BUGBOUNTY]" in the "Company Name" used when registering. (Without the quotes, no space between the two words, but with square brackets.)
Here is an example of the values to use in the Trial sign up form:
Absolutely do not under any circumstances input payment card information (credit card or debit card) or make a payment unless you intend to pay the charge in full. If you properly tag your account as a [BUGBOUNTY] site by following the directions above, we will not prompt you for payment during your testing period.
Failure to abide by the above will result in your full disqualification from this program.
The following types of reports do not qualify and will not be paid a bounty.
Reporting any of the above false positives shall result in your being blacklisted from the Program.
We aim to pay bounties as quickly as possible and will sometimes pay bounties before the issue is patched. Therefore, we require that you do not disclose any vulnerability publicly, either before or after the bounty is paid.
If paid a bounty, you may disclose that you received a bounty, but you may not disclose the amount or any information related to the type of vulnerability you found. Under no other circumstances may you disclose anything about your participation in this program.
You are still bound by the Terms of Service you agreed to upon signup for your Trial account. Please read and understand this document as it affects your rights.
To report a vulnerability, first re-read this entire page to be sure that you understand the terms. We may refuse to pay bounties if you violate the terms on this page, even if we act on the submission.
We will respond as quickly as possible to your submission.