Reporting
You can contact us via bugbounty@brightsec.com to report any vulnerability or if you have questions about this program.
Bright Security understands the importance of disclosure of vulnerabilities and we are happy to allow disclosure in certain instances.
- You must receive explicit permission from Bright Security if you would like to disclose any finding or vulnerability. This includes any findings listed on the program exclusion list above.
- You may not discuss any vulnerabilities with anyone or on any forum outside of Bright Security’s bug bounty program unless you have received permission from Bright Security.
- Reports that are not considered valid vulnerabilities (Informative, Spam, etc.) are not eligible for disclosure.
- Only resolved reports are eligible for disclosure.
- The request for disclosure must be made by the bug bounty hunter who originally reported the vulnerability to Bright Security.
- Duplicate reports are not eligible for disclosure.
Requesting Permission
To request permission for disclosure, you may email bugbounty@brightsec.com.
Bright Security has the right to approve or deny the request for any reason.
Violation of Terms
By participating in Bright Security’s bug bounty program, you are agreeing to this policy.
If any of the rules of this disclosure policy are broken, Bright Security has the right to take legal action against the person who violated the rules. That person will also be banned from all future participation in the Bright Security bug bounty program.