Articles on: Privacy & Security

Security Exploit Bounty Program

Responsible Disclosure



Security is of utmost importance to Noticeable. In pursuit of the best possible security for our service, we welcome responsible disclosure of any vulnerability you find in Noticeable. Principles of responsible disclosure include, but are not limited to:

Access or expose only customer data that is your own.
Do not exfiltrate data from our infrastructure (including source code, data backups, configuration files).
If you obtain remote access to our system, report your finding immediately. Do not attempt to pivot to other servers or elevate access.
Avoid scanning techniques that are likely to cause degradation of service to other customers (e.g. by overloading the site). This includes the spamming of contact forms, support emails, etc.
Keep within the guidelines of our Terms of Service.
Keep details of vulnerabilities secret until Noticeable has been notified and had a reasonable amount of time to fix the vulnerability.
In order to be eligible for a bounty, your submission must be accepted as valid by Noticeable. We use the following guidelines to determine the validity of requests and the reward compensation offered.

Reproducibility



We must be able to reproduce the security flaw from your report. Reports that include clearly written explanations and working code are more likely to garner rewards.

Reports that are too vague or unclear are not eligible for a reward.

Reports we're interested in



Tampering with data of other users.
Bypassing our API's security.
Server-side code execution.

Examples of Non-Qualifying exploits



Denial of service attacks.
Social engineering.

Reports we don't want



SSL or DNS best practices (DNSSEC, CAA)
Email spoofing, SPF, DMARC & DKIM
Mass submitting form

Rewards



Rewards are free subscriptions or discounts to one of our plans based on the severity.

Only 1 bounty will be awarded per vulnerability.

If we receive multiple reports for the same vulnerability, only the person offering the first clear report will receive a reward.

Contact



Please email us at security@noticeable.io with any vulnerability reports or questions about the program. Please report each new bug in a separate email thread.

Updated on: 04/09/2022

Was this article helpful?

Share your feedback

Cancel

Thank you!