Responsible Disclosure Program
SideFX welcomes and encourages security researcher reports regarding vulnerabilities within our online services.
- Please avoid any privacy violations, degradations and disruption to our production system during your testing.
- Please do not modify or destroy data.
- Please keep information disclosed confidential between yourself and SideFX, until we resolve the issue. We will make our best efforts to fix bugs in a sensible timeframe.
We encourage you to report the following:
- Cross Site Scripting
- Cross Site Request Forgery
- SQL Injection
- Unrestricted Server File System Access
- Authentication Issues
- Authorization Issues
- Account Hijacking
- Server-Side Code Execution Bugs
The following will be considered out of scope:
- Denial of Service attack
- Brute forcing
- Issues with old browsers/plugins
- Vulnerability requiring social engineering or phishing to be performed
- UI and UX bugs
- Spelling and grammatical mistakes
Please include a short description of the vulnerability and clear steps to reproduce it in your report. Concrete security risk scenarios are valued higher than hypothetical ones.
A reward may be awarded after verifying that the vulnerability is reproducible and has an impact to our customers. Each submission will be evaluated case-by-case. The decision and amount of the reward will be at the discretion of SideFX. If we receive multiple reports for the same issue from different parties, the reward will be granted to the first eligible submission.
Participants must be 14 years of age or older to participate or have their parent’s or legal guardian’s permission. Current employees of SideFX or immediate family members or household members of such employees may not participate.
Wall of Fame
SideFX would like to thank the following researchers for participating in our responsible disclosure program.
- Shubham Pathak