We recognizes the importance of security researchers in maintaining our IPSX community safe. IPSX encourage responsible disclosure of security vulnerabilities.
Responsible disclosure includes:
IPSX will not take unreasonable punitive actions against security researchers who point out a problem provided they do their best to follow the above guidelines. We reserve the right to publish security reports and/or company updates containing the vulnerabilities reported by the security researchers.
IPSX may offer rewards to the security researchers for reporting bugs that help us to improve our security. Your submission containing the reported vulnerabilities will be reviewed and validated by IPSX Security team. Providing clear and concise steps to reproduce the finding, will help to expedite the response. However, we reserve the right to evaluate the reported vulnerabilities, their relevance and risk level. The decision on issue reward and related amount will be taken after the evaluation is made.
We cannot offer rewards to individuals who are on sanctions lists, or who are in countries on sanctions lists. Any tax implications fall under your fully responsibility, depending on your country of residency and citizenship. Moreover, further restrictions may apply, also depending upon your local law.
We can cancel the IPSX Security Vulnerability Reporting Program at any time and the decision as to whether or not to offer a reward has to be entirely at our discretion.
We are especially interested and willing to reward for following type of vulnerabilities:
Out of Scope:
All vulnerabilities affecting the IPSX Services (e.g. https://ip.sx, https://app.ip.sx), should be reported via email to firstname.lastname@example.org.
IPSX credits the following people who have helped with the security so far: