We want Phare to be a safe place for everyone. If you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner. We will investigate all legitimate reports and do our best to quickly fix the problem.
To encourage responsible disclosures, we will not pursue civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy. We consider security research and vulnerability disclosure activities conducted consistent with this policy to constitute “authorized” conduct under the Computer Fraud and Abuse Act, the DMCA and applicable anti-hacking laws such as Cal. Penal Code 502(c). We waive any DMCA claim against you for circumventing the technological measures we have used to protect the applications in scope.
If legal action is initiated by a third party against you and you have complied with this bug bounty policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
Please understand that if your security research involves the networks, systems, information, applications, products, or services of another party (which is not us), that third party may determine whether to pursue legal action. We cannot and do not authorize security research in the name of other entities.
You are expected, as always, to comply with all applicable laws.
Please submit a report to us before engaging in conduct that may be inconsistent with or unaddressed by this policy.
To ensure the security of our platform and the privacy of our users, we have established the following rules for vulnerability disclosure. Please adhere to these guidelines when conducting security research and reporting vulnerabilities:
If you discover a vulnerability or security concern related to Phare, please report it by contacting us at security@phare.io. To assist us in addressing the issue promptly, include detailed exploit steps and, if possible, a proof of concept.
We treat all security disclosures with the utmost seriousness. Upon receiving a report, we rapidly verify the vulnerability and take the necessary steps to resolve it. Once verified, we will keep you informed of our progress and notify you when the issue is fully resolved.
We appreciate the efforts of security researchers who help us maintain the security of our platform. If you report a legitimate security vulnerability to us, we will publicly recognize your efforts in some way to be determined in the future. Phare is also not in a position to offer monetary rewards for vulnerability disclosures at this time. As a form of gratitude, we may provide you with a free subscription to our platform or other benefits.