If issues reported to our bug bounty program affect a third-party library, external project, or another vendor, Lodagble reserves the right to forward details of the issue to that party without further discussion with the researcher. We will do our best to coordinate and communicate with researchers through this process.
Responsible Disclosure Guidelines
If you believe you have found a vulnerability please contact us at [email protected] We will respond within 48 hours.
- Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC).
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.
- Do not modify or access data that does not belong to you.
- Give Lodgable a reasonable time to correct the issue before making any information public.
For the avoidance of doubt,
- Lodgable considers that a good-faith security researcher who complies with this policy to access a computer has not accessed a computer without authorization or exceeded authorized access under the Computer Fraud and Abuse Act (“CFAA”).
- Lodgable will not bring a copyright infringement claim under the Digital Millennium Copyright Act (“DMCA”) against a pre-approved, good-faith security researcher who circumvents security mechanism, so long as the researcher does not access any other code or binaries.