Responsible Disclosure Policy
We appreciate your help with disclosing security vulnerabilities and offer a reward to the first person who reports a vulnerability.
Report a Vulnerability
Please let us know if you believe you have discovered a security vulnerability or have detected an incident. Report such vulnerabilities to: firstname.lastname@example.org
Include a detailed description of the vulnerability, together with the steps to reproduce it. Please make sure to provide an e-mail address where we can reach you, both for requesting more information and for sending your reward.
Respect other Users and their Privacy
When investigating vulnerabilities, please act in good faith and respect the data privacy of other users as well as the service availability of CodeScene. Many people use CodeScene on a daily basis for their work, and it’s harmful -- and illegal -- to disrupt their usage of CodeScene.
Rewards for Vulnerability Reports
If you’re the first person to report a valid security vulnerability, you’re eligible for a reward. The rewards involve public credits for your discovery (published on our webpage with your consent), as well as coupons that give you free use of the commercial plans in CodeScene. The value and duration of those coupons vary depending on your findings and the quality of the report you provide.
Thanks for reading, and thanks for helping us make CodeScene a better service for everyone!
We'd like to thank the following people for reporting security vulnerabilities:
- Suraj Dodiya reported an SPF vulnerability (fixed).
- Dankel Ahmed reported a missing Content-Security-Policy header.
- Jessica Sachs for detecting a platform vulnerability.
- Ratnadip Gajbhiye for reporting leakage of the HTTP server version.