Does Radar have a bug bounty or responsible disclosure program?

Last Updated: February 19, 2019
If you believe you've discovered a bug in Radar's security, please contact us at firstname.lastname@example.org. We request that you do not publicly disclose the issue.
We operate a reward program for responsibly disclosed vulnerabilities. A minimum reward of $500 USD may be provided for the disclosure of qualifying bugs. At our discretion, we may increase the reward amount based on the creativity or severity of the bugs. Radar rewards the confidential disclosure of any design or implementation issue that could be used to compromise the confidentiality or integrity of our clients' or our clients' end users' data. If you report a vulnerability that does not qualify under the above criteria, we may still provide a minimum reward of $100 USD if your report causes us to take specific action to improve Radar's security.
As with most security reward programs, we ask that you use common sense when looking for security bugs. Vulnerabilities must be disclosed to us privately with reasonable time to respond, and your testing must avoid compromising other clients' or end users' data. We do not reward denial of service, spam, or social engineering vulnerabilities. Although Radar itself and all services offered by Radar are eligible, vulnerabilities in third-party applications that use Radar are not.
As with most security reward programs, there are some restrictions:
- We will only reward the first person to responsibly disclose a bug to us.
- Any bugs that are publicly disclosed will not be rewarded.
- Whether to reward the disclosure of a bug and the amount of the reward is entirely at our discretion, and we may cancel the program at any time.
- Your testing must not violate any laws.
- We can't provide you a reward if it would be illegal for us to do so.