Process Shepherd

Categories

Menu

Bug Bounty Policy

Process Shepherd values the security of its systems and appreciates the contributions made by security researchers through their responsible, private disclosure of vulnerabilities.

 

We offer a bounty for each identified bug that aligns with our criteria. Once we receive a bug report, we will review it within a period of up to 14 business days. If the reported issue meets our requirements, we will provide a payment of $50 USD per unique bug identified.

 

However, our bounty program excludes certain types of bugs:

 

  1. Any issues pertaining to third-party systems.
  2. Descriptive error messages (e.g., Stack traces, server or application errors).
  3. HTTP 404 codes/pages or other HTTP non-200 codes/pages.
  4. Disclosure of banner on common/public services.
  5. Disclosure of public files or directories (e.g., robots.txt).
  6. Clickjacking and issues exploitable solely via clickjacking.
  7. Self-XSS and issues exploitable only through Self-XSS.
  8. CSRF on forms accessible to anonymous users (e.g., contact form).
  9. Tab nabbing.
  10. Stripping of EXIF data from uploaded images.
  11. Logout CSRF.
  12. “Autocomplete” or “save password” functionality in applications or web browsers.
  13. Issues requiring physical access to a device for exploitation.
  14. DMARC configuration not in reject or quarantine mode.
  15. Non-deleted WordPress XMLRPC or Rest API scripts (they are as disabled as our hosting allows).
  16. Execution of CSV content due to special treatment of certain characters by a third-party client application in exported CSV files.
  17. Issues related to the password policy.

 

The following reports will also be excluded:

  • Duplicate bug reports that we have previously received.
  • Bug reports for which fixing is not feasible.

We urge researchers to focus on processshepherd.com and its subdomains.

 

To report a bug, please send an email to security@processshepherd.com with as much detail as possible (steps to reproduce, why it constitutes a bug, and so forth). Video demonstrations are highly encouraged.

 

Thank you for your contribution to enhancing our security.