Last updated: May 14, 2022
As part of the security community, Noname Security provides tools to other organizations to help with their security posture. We do research and development, create code, and assist our customers and partners with securing their environment. However, we’re human too, and it’s possible, even likely, we’ve got bugs or misconfigurations in our systems. With this in mind, we’d like to leverage the wider community in helping us secure our systems so we can continue to help others.
Our bug bounty program allows us to recognize those whose efforts support us in keeping our systems and customers secure.
|Low (0.1-3.9)||Medium (4.0-6.9)||High (7.0-8.9)||Critical(9.0 – 10.0)|
Noname Security strives to respond to reports as follows:
We do our best to keep researchers informed throughout the process.
Note that we will need to perform identity verification steps to comply with regulatory requirements such as Know-Your-Customer (KYC) and international banned lists.
To report a vulnerability detected in Noname’s website, infrastructure, or its offered products, please fill out the form below with your email, and a brief description of the attack vector. Include all relevant vulnerability details along with a descriptive set of instructions to reproduce the vulnerability found.
We request the security community to allow us to fix any identified vulnerabilities before releasing the information publicly while adhering to the following:
PLEASE DO: Notify us before announcing the vulnerability on any public forum, both online or in-person.
PLEASE DON’T: Exploit a vulnerability to cause potential damage or view unauthorized data, or disclose a vulnerability to others until it has been resolved.
We are not interested in low impact, purely theoretical or best-practice issues. We don’t consider them eligible for the bounty program.
Here are some examples:
Technology services owned and hosted by 3rd parties are excluded from this program. Vulnerabilities reported, if hosted by 3rd parties, should be reported to the 3rd party directly.
Vulnerabilities found in non-production environments may be excluded from this policy at our discretion.
Experience the speed, scale, and security that only Noname can provide. You’ll never look at APIs the same way again.