Security Policy

Security Policy - Summary

We reward cybersecurity researchers' responsible disclosures on a first-reported basis, only if they meet the strict eligibility critiera. We offer Safe Harbor for legitimate cybersecurity research, reward responsible disclosures, that are paid through our own bug bounty program. Please read the full policy below.

Security Policy - Full

This Security Policy covers all websites and webapplications monitored by ZeroTrust.Plus. This website is operated by its developer ("we" or "us").

Introduction

Security is core to our values, and we value the input of hackers acting in good-faith to help us maintain a high standard for the security and privacy for our users. This includes encouraging responsible vulnerability research and disclosure. This policy sets out our definition of good-faith in the context of finding and reporting vulnerabilities, as well as what you can expect from us in return.

SCOPE: Eligible cybersecurity research submissions

Only the following submissions are eligible for a reward.

OUT-OF-SCOPE: Submissions that are not eligible for a reward

Anything that is not explicitly identified in the Eligibility section would be ineligible. The following are explicitly prohibited.

GROUND RULES

To encourage vulnerability research and to avoid any confusion between legitimate research and malicious attack, we ask that you attempt, in good faith, to:

Safe Harbor

When conducting vulnerability research according to this policy, we consider this research conducted under this policy to be: You are expected, as always, to comply with all applicable laws. If legal action is initiated by a third party against you and you have complied with this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please submit a report through one of our Official Channels before going any further.

Other conditions

All cybersecurity researchers are normally eligible for a reward, with the following conditions.

How to claim your bug bounty

This part is easy. Email to us (a) the proof of eligibility, (b) steps to reproduce, and (c) optionally - recommended remedy. Upon verification, we will reply to your email. Please give us two weeks for this verification process. Longer time may be required for particularly complex attacks. Please do not make any public disclosure without a prior written permission.

Changes

The Security Policy may be updated from time to time, so please check back on a regular basis for any changes. The last modification date of this document is shown at the bottom of this page.

Last modified: 1 September 2021