Vulnerability Disclosure Program
Longlist.io is truly dedicated to protecting data safety and security. Our Vulnerability Disclosure Program is intended to minimize the impact that any security flaws have on our tool or users. Our Vulnerability Disclosure Program concerns web application available via Service. In order to qualify to the Program, the vulnerability must exist in the latest public release (including officially released public betas) of the Software. You should remember that only security vulnerabilities will qualify. To ensure that your observations are properly reported you shall use only approved channels, namely you should report discovered vulnerability via email to [email protected].
Guidelines and Scope limitations
Activity considered to be out of scope
We accept only manual or semi-manual tests. All findings coming from automated tools or scripts will be considered as out of scope. Furthermore, all issues without clearly identified security impact, missing security headers, or descriptive error messages will be considered out of scope. Your findings should be supported by clear and precise documentation with no speculative information. All findings should have an indication of relevance and impact. We reserve our right not to act in case of findings with no real risk impact on our data integrity and security. All researches violating this Program terms, Terms of Service, Safety and Security and GDPR-related documentation as well as governing law shall be treated as acting in bad faith and in an illegal manner. We are not obliged to provide remuneration, fee or rewards for any vulnerability disclosure – such action remains in our full discretion.