Bug Submission Requirements and Guidelines
In researching vulnerabilities on StarLeaf’s sites, you may not engage in testing that (i) results in a degradation of StarLeaf’s systems, (ii) results in you, or any third party, accessing, storing, sharing or destroying StarLeaf or customer data, or (iii) may impact StarLeaf customers, such as denial of service, social engineering or spam.
You may not publicly disclose your findings or the contents of your Submission in any way without StarLeaf’s prior written approval.
Failure to follow these guidelines will result in disqualification from the Bug Bounty Program and ineligibility for receiving any bounty payments.
Vulnerabilities that we think violate our fundamental security of the StarLeaf Service (for example, the escalation of privilege from unauthenticated to administrators, privileged remote code execution, access to customer data) will be considered P1 and typically eligible for a minimum of $1,000.
Any vulnerability that we fix in response to a submission via our program will be eligible for a minimum of $50.
Bounty payments, if any, will be determined by StarLeaf in StarLeaf’s sole discretion. In no event shall StarLeaf be obligated to pay you a bounty for any Submission. All bounty payments shall be considered gratuitous.
To report a bug, email our security team: firstname.lastname@example.org.