Responsible disclosure rewards


  • Responsible Disclosure
  • Responsible Disclosure Program
  • Security Disclosure Policy
  • Rewind Vulnerability Disclosure Policy
  • Responsible disclosure policy
  • Responsible Disclosure

    TruTrip reserves the right to determine severity classifications, report validity, duplications, exclusions, and out-of-scope Findings in its sole discretion. Reward value is set at the total and absolute discretion of TruTrip.

    TruTrip reserves the right to decrease or increase any Reward. Prior Rewards are not precedent for future payments. You may remain anonymous by using a pseudonym. To be eligible to receive a Reward, however, you must provide TruTrip with accurate, complete, and up-to-date information about you, including your address and any other information that We reasonably request to allow Us to legally send any Reward to you.

    If you do not provide the reasonably required payment information within 21 days of request, You shall forfeit all Reward rights and claims. TruTrip shall endeavour to process Reward s within 14 days of submission subject to all the required information being provided. However, no legal proceedings will be brought for unpaid Rewards relating to your Findings before the expiration of sixty 60 days after submission. No legal proceedings may be brought more than one 1 year after a submission was received.

    We will not issue Rewards for Findings already identified. Findings relating to 3rd-party systems. Findings which enumerate already claimed handles, emails and other such information. This reveals no sensitive information, regardless of whether the associated profiles are public or private. Any violation of this Confidentiality requirement shall disqualify you from any current and future participation in this VDP. For clarification, any violation of these confidentiality requirements shall mean you automatically DO NOT qualify for any Reward.

    You warrant: You are not employees or legal representatives of TruTrip for any purpose. You do not have the authority to enter into any contracts in the name of or on behalf of TruTrip These Terms shall not constitute, create, or in any way be interpreted as a joint venture, partnership, or business organization of any kind. The legality, validity and enforceability of such provision in any other jurisdiction shall be unaffected.

    Any dispute arising out of or in connection with these Terms of Use, including any question regarding their existence, validity or termination, shall be referred to and finally resolved by arbitration administered by the Singapore International Arbitration Centre in accordance with the Arbitration Rules of the Singapore International Arbitration Centre for the time being in force, which rules are deemed to be incorporated by reference in this Clause The seat of the arbitration shall be Singapore.

    The Tribunal shall consist of one 1 arbitrator. The language of the arbitration shall be English. You consent to service of process out of any court where applicable by the same being left at your address indicated on the Platform or sent by registered mail to this address , or by e-mail to your e-mail address indicated to TruTrip or on the Platform.

    You so consent regardless of whether or not personal service is required or otherwise. Where service of process is sent by registered mail, the service shall be deemed to be made in the absence of any evidence to the contrary by the third day.

    We publicly share most accepted and resolved Findings here. But in the event the Findings have not been fully resolved we may not share. TruTrip reserves the right to determine Duplicate Findings in its sole discretion. TruTrip reserves the right to determine Excluded Findings in its sole discretion. Findings A Finding is the identification and documentation of a potential Vulnerability. Submission Submission refers to sharing the information relating to a finding with TruTrip. This can be done via our online submission form or via email to [email protected] VDP Refers to this programme, the Vulnerability Disclosure Programme.

    Exploiting a vulnerability would allow someone or something to increase their access privileges to our operating systems or software, potentially in order to perform malevolent acts. We are here to help you to simplify business travel You can use our platform for free or speak to us to understand how we can help your business further.

    Responsible Disclosure Program

    Security Privacy Compliance Responsible Disclosure Program Aqua Security is committed to maintaining the security of our products, services, and systems. We believe that the Responsible Disclosure Program is an inherent part of this effort.

    Our team will review the disclosed information, evaluate, and if possible, remediate or mitigate the findings. Report a Vulnerability Please let us know about the vulnerabilities you identify as quickly as possible.

    The report sent to psirt aquasec. Detailed description of the vulnerability. Description, steps were taken and tools that were used to discover the vulnerability. Projected impact of the vulnerability and likely attack scenario. Proof of Concept PoC — please supply instructions demonstrating how the vulnerability might be exploited. Remediation, mitigation or corrective actions of how to fix the vulnerability.

    Important to mention Please do not publicly disclose the details of any potential security vulnerabilities without written consent from Aqua Security authoritative department. Aqua Security does not condone any malicious or illegal behavior in the identification and reporting of security vulnerabilities and you should not engage in any activity that violates applicable laws. If you discover personally identifiable information PII while exploring a suspected security vulnerability, please cease your investigation and report the vulnerability that led to such discovery immediately.

    Things to Avoid If you are considering submitting a vulnerability report, your values clearly align with ours. You know how critical security is and you want to protect the information. Understanding this shared perspective, we do not want you to take on or create unnecessary risk in order to discover a vulnerability. Accordingly, we ask that you kindly avoid performing actions that may: Negatively affect availability or integrity of any of Aqua Security or its customers services, infrastructure or data.

    Violate any other applicable laws or regulations. Rewards Aqua recognizes and rewards security researchers who help us keep people safe by reporting vulnerabilities in our services. To potentially qualify a bounty, you first need to follow the requirements and adhere to Responsible Disclosure Program.

    We investigate all valid reports. In case found qualified, we award a bounty to the first person to submit an issue. Bounty amounts determined based on a variety of factors, including but not limited to impact, ease of exploitation, and quality of the report.

    Note that extremely low-risk issues may not qualify for a bounty at all.

    Security Disclosure Policy

    Remediation, mitigation or corrective actions of how to fix the vulnerability. Important to mention Please do not publicly disclose the details of any potential security vulnerabilities without written consent from Aqua Security authoritative department.

    Aqua Security does not condone any malicious or illegal behavior in the identification and reporting of security vulnerabilities and you should not engage in any activity that violates applicable laws. If you discover personally identifiable information PII while exploring a suspected security vulnerability, please cease your investigation and report the vulnerability that led to such discovery immediately.

    Things to Avoid If you are considering submitting a vulnerability report, your values clearly align with ours. You know how critical security is and you want to protect the information. Understanding this shared perspective, we do not want you to take on or create unnecessary risk in order to discover a vulnerability.

    Accordingly, we ask that you kindly avoid performing actions that may: Negatively affect availability or integrity of any of Aqua Security or its customers services, infrastructure or data. Violate any other applicable laws or regulations.

    Rewards Aqua recognizes and rewards security researchers who help us keep people safe by reporting vulnerabilities in our services.

    Rewind Vulnerability Disclosure Policy

    To potentially qualify a bounty, you first need to follow the requirements and adhere to Responsible Disclosure Program. We investigate all valid reports. TruTrip reserves the right to determine severity classifications, report validity, duplications, exclusions, and out-of-scope Findings in its sole discretion. Reward value is set at the total and absolute discretion of TruTrip. TruTrip reserves the right to decrease or increase any Reward. Prior Rewards are not precedent for future payments.

    You may remain anonymous by using a pseudonym. To be eligible to receive a Reward, however, you must provide TruTrip with accurate, complete, and up-to-date information about you, including your address and any other information that We reasonably request to allow Us to legally send any Reward to you.

    If you do not provide the reasonably required payment information within 21 days of request, You shall forfeit all Reward rights and claims. TruTrip shall endeavour to process Reward s within 14 days of submission subject to all the required information being provided.

    Responsible disclosure policy

    However, no legal proceedings will be brought for unpaid Rewards relating to your Findings before the expiration of sixty 60 days after submission.

    No legal proceedings may be brought more than one 1 year after a submission was received. We will not issue Rewards for Findings already identified. Findings relating to 3rd-party systems. Findings which enumerate already claimed handles, emails and other such information.

    This reveals no sensitive information, regardless of whether the associated profiles are public or private. Any violation of this Confidentiality requirement shall disqualify you from any current and future participation in this VDP. For clarification, any violation of these confidentiality requirements shall mean you automatically DO NOT qualify for any Reward.

    You warrant: You are not employees or legal representatives of TruTrip for any purpose.


    Responsible disclosure rewards