06/08/2019

In Scope

Scope Type         Scope Name
ios_application    com.trint.TrintDemo
web_application    app.trint.com
web_application    embed.trint.com
web_application    media.trint.com
web_application    editor-sessions.trint.com
web_application    edit.trint.com
web_application    api.trint.com
web_application    core-api.trint.com
web_application    upload.trint.com
web_application    graphql2.trint.com

Out of Scope

Scope Type         Scope Name
web_application    player.trint.com
web_application    persist.trint.com
web_application    analytics.trint.com
web_application    www.trint.com
web_application    info.trint.com
web_application    new.trint.com
web_application    engineering.trint.com
web_application    support.trint.com
web_application    dev.trint.com
web_application    marketing.trint.com

Trint Ltd

Trint is developed using the principle of Security and Privacy By Design. Information security is a top priority as a matter of company strategy and supported at the highest levels of management. Our security practices are aligned with ISO 27001:2013, and we expect formal certification in the first half of this year.

Even so, new attack vectors and vulnerabilities are developed and found every day, and the public and the security research community play a significant role in identifying these. If you think you have discovered a security vulnerability, follow the program guidelines, and we will happily work with you to solve the issue and ensure you are compensated for your discovery. Please read the Rewards section for more information about compensation.

This page is intended for security researchers who would like to learn about our bug bounty program and disclosures. For general information about security at Trint, please see the data security section on our website.

In case you are looking to submit non-security related issues, please contact us here instead.

Response Targets

We will make our best effort to meet the following response targets for hackers participating in our program:

  • Time to first response (from report submit) - up to 2 business days
  • Time to triage (from report submit) - up to 2 business days

We’ll try to keep you informed about our progress throughout the process.

Disclosure Policy

We aspire to be as transparent about our security as possible. Therefore we will aim to publicly disclose the vulnerabilities once they are confirmed as valid and have been resolved. We might extend the timeframe of public disclosure of a resolved report if we still have similar vulnerabilities to be resolved. We kindly ask you to not disclose them to the public or a third party without our consent, in compliance with the process described in the HackerOne Vulnerability Disclosure Guidelines.

Program Priorities

Trint offers individual, team and enterprise accounts, though the latter two cannot currently be signed up for without assistance from Trint Support. We are particularly interested in vulnerabilities that would permit a user unauthorized access to another user's data or enable users to access platform capabilities that should not be available to individual user accounts.

Program Rules

At all times act responsibly and in the best interests of Trint and our customers. We strongly discourage a malicious approach; make a good-faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.

Whenever possible, create user accounts with the following email format: youremailaddress+hackerone@gmail.com. We may purge accounts if we notice that they are performing suspicious activities on our services.

In order for us to reply as quickly as possible, please be clear in your description of the issue and include logs, tracing, network requests and screenshots in your report whenever relevant, along with detailed steps to reproduce it. We also expect you to include an assessment of the exploitability and the potential impact of the issue.

While researching, we ask you to refrain from:

  • Any activity that could lead to the disruption of our service (DoS).
  • Spamming.
  • Exploiting third parties like Intercom, Zendesk, Mixpanel, and AnnounceKit.
  • Social engineering techniques (phishing, vishing, smishing, pretexting, etc).
  • Running automated scans.
  • Reporting password and account recovery policies, such as reset link expiration or password complexity.
  • Reporting generic vulnerabilities or any issues without a clearly identified security impact on our systems, such as clickjacking on a static website, missing security headers, or descriptive error messages.

Make sure you see what's in and out of scope before conducting your research. We may, from time to time, add new domains as part of ongoing product development. These should be considered out of scope until notified otherwise. We appreciate any notification of uncovered domains that you might discover.

One last thing that is obvious but that we would like to state: do not violate the law while doing your research.

Rewards

This is a points-based programme; as such, we will not reward security researchers monetarily at the moment. Instead, we will award security researchers with reputation points, based on HackerOne guidelines, upon triage and validation of the vulnerability reported. Please note that we will only award security researchers with reputation points for issues that have not been reported already.

Safe Harbour

If you follow these guidelines, your activities will be considered authorised conduct and therefore we will not pursue or support any legal action related to your research.

Thank you for helping us keep Trint and our customers safe!

FireBounty © 2015-2019
