Vawlt is a solution built with security as a top priority. While our team is entirely committed to design and develop a solution that keeps your data safe, we encourage any user to point out and report any fragilities or vulnerabilities in our website and platform.
If this is the case, we invite you to share with us a detailed report to email@example.com.
Below, you can find some useful information on how to submit a report to our team, as well as a set of rules to guide you if you find any issues. Your report can be even considered for a reward.
Welcome to our Vulnerability Detection Program.
How to submit a report correctly
To submit a vulnerability report, send us an email to firstname.lastname@example.org. Take on consideration the following topics:
Provide a complete description for our analysis.
Attach an "How to" guide with the necessary steps so we can replicate the situation, either in text or video, or a proof of concept.
Provide us any other information you consider useful for the analysis.
Your vulnerability report will be qualified for a prize if all these conditions apply:
The report must have the structure mentioned above.
The report can't be only a copy-paste of an automated security scanner: reports without additional insights won't be considered.
The issue must be real and testable: hypothetical situations won't be considered.
The issue must refer to something we don't know about: we won't reward any findings that were already been previously reported, either by you or someone else.
The issue must take place on the latest publicly available website/platform version of vawlt.io.
The issue must be in scope (see the list below).
Out of scope list
Here are some situations we generally consider to be out of scope:
Vulnerabilities in third-party code or services that do not lead to an exploit.
Missing HTTP security headers.
If the report is proven to be valid, there might be a prize for you. The amounts are calculated based on the category or severity of each reported issue, as you can check in the table below.
Revealing any issue publicly without Vawlt's consent is stricly forbidden.
Please notify us if this is your work or is covered by intellectual property rights of third-party entities.
If you submit any report of this kind, you're granting Vawlt Technologies, S. A. a permanent and irreversible license to all intellectual property rights licensable by you in or related to the use of this material.
Not notifying us for this matter will mean that the report is your own work, so it isn't covered by intellectual property rights from any other entity.
We appreciate your collaboration by keeping our platform and our customers safe.
You can change your cookie settings at any time but if you do, you may lose some functionality on our website. More information can be found