Rules for usWe will respond as quickly as possible to your submission.We will keep you updated as we work to fix the bug you submitted.We will not take legal action against you if you play by the rules.
How are bounty payments made?All bounties are currently paid via PayPal.
How is the bounty reward determined?Rewards range from $25 - $5000. Our security and development teams take many factors into account when determining a reward. These factors include the complexity of successfully exploiting the vulnerability, the potential exposure, as well as the percentage of impacted users and systems. Sometimes an otherwise critical vulnerability has a very low impact simply because it is mitigated by some other component, e.g. requires user interaction, an obscure web browser, or would need to be combined with another vulnerability that does not currently exist.
I reported a vulnerability but have not received a response!Please allow up to 24 hours for an initial response. Also realize that spam filters and email in general can sometimes be problematic. If you ever feel we are not communicating in a timely fashion, definitely let us know.