Help Us To Grow
Report Your Bug.
The scope of the Infovys bug bounty program is focused on securing the website. Therefore, our approach is to evaluate any given report based on its specific security impact for users. Below we describe the various security impact buckets that are in scope, examples of vulnerability types, and domains that could potentially have meaningful security impact.
Besides our scope, it’s worth mentioning a few tenets of our program:
We expect respectful interactions, with researchers and our team treating each other as peers -- being willing to learn and teach, and always assuming the best intent.
You can expect our team to assess the impact of each report to determine its maximum security impact, and to be transparent about our reasoning and interpretation of that impact.
Send Your Bug Report Here: [email protected]
1) Denial of Service attacks
2) Descriptive error messages or headers (e.g. Stack Traces, application or server errors, banner grabbing)
3) Disclosure of known public files or directories
4) Outdated software / library versions
5) OPTIONS / TRACE HTTP method enabled
6) Cookies that lack HttpOnly or Secure settings for non-sensitive data
7) Reports resulting from automated scanning utilities without additional details or a POC demonstrating a specific exploit
8) Attacks requiring physical access to a user's device
9) Attacks dependent upon social engineering of Infovys employees or vendors
10) SSL/TLS best practices
11) Clickjacking, without additional details demonstrating a specific exploit
12) Mail configuration issues including SPF, DKIM, DMARC settings
13) Use of a known-vulnerable library without a description of an exploit specific to our implementation
14) Content spoofing / text injection
15) Missing security headers without additional details or a POC demonstrating a specific exploit
16) Mixed content issues
To qualify for this program, you must:
Be the first to discover a specific vulnerability.
The vulnerability exists in currently supported versions of our products.
Provide verifiable proof that the vulnerability exists. Send a screenshot and a clear text description of the report, along with steps to reproduce the vulnerability. Include attachments such as proof-of-concept code as necessary.
Disclose the vulnerability report responsibly to us. Public disclosure, or disclosure to other third parties (including vulnerability brokers), before we have addressed your report forfeits the reward.
Demonstrate care in reproducing the vulnerability. In particular, test only on accounts you own and do not impact the Cylance supporting services and infrastructure.
Infovys employees are ineligible to participate in the external program.
Note: posting details or communications about this report before it has been approved for disclosure, or posting details that reflect badly on this program and the Infovys brand, will result in forfeiture of any award and/or immediate removal from the program.