phishing, vishing, smishing) is prohibited. Multiple vulnerabilities caused by one underlying issue will be awarded one bounty. When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced). Submit one vulnerability per-report, unless you need to chain vulnerabilities to provide impact.
If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward. Please provide detailed reports with reproducible steps. This is a private program, and you must not discuss this program or any vulnerabilities (even resolved ones) outside of the program without the express written consent of Evernote.įollow HackerOne's disclosure guidelines.Īll automated scanning must include your H1 username in the user agent in order to be eligible for bounty.Īll authenticated testing must be performed using aliases. We’ll try to keep you informed about our progress throughout the process. Time to bounty (from triage) - 5 business days Time to triage (from report submit) - 2 business days Time to first response (from report submit) - 2 business days Response TargetsĮvernote will try to meet the following response targets for hackers participating in our program: We strive to keep abreast on the latest state-of-the-art security developments by working with security researchers and companies, and appreciate the community’s efforts in creating a more secure world. It's important to us that our customer experience be both private and secure. Evernote is the go-to app that helps millions of people worldwide remember everything and accomplish anything.
0 kommentar(er)
