If issues reported to our bug bounty program affect a third-party library, external project, or another vendor, Lodgable reserves the right to forward details of the issue to that party without further discussion with the researcher. We will do our best to coordinate and communicate with researchers through this process.
Responsible Disclosure Guidelines
We will investigate legitimate reports and make every effort to quickly correct any vulnerability. To encourage responsible reporting, we will not take legal action against you nor ask law enforcement to investigate you provided you comply with the following Responsible Disclosure Guidelines:
- Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC).
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.
- Do not modify or access data that does not belong to you.
- Give Lodgable a reasonable time to correct the issue before making any information public.
For the avoidance of doubt:
- Lodgable considers that a good-faith security researcher who complies with this policy to access a computer on or energy product has not accessed a computer without authorization or exceeded authorized access under the Computer Fraud and Abuse Act (“CFAA”).
- Lodgable will not bring a copyright infringement claim under the Digital Millennium Copyright Act (“DMCA”) against a pre-approved, good-faith security researcher who circumvents a security mechanism, so long as the researcher does not access any other code or binaries.