Websitewalla – COORDINATED VULNERABILITY DISCLOSURE POLICY
Last Revised: 03-12-2021
Websitewalla’s Coordinated Vulnerability Disclosure Program Terms and Conditions (“Terms”) cover your participation in the Coordinated Vulnerability Disclosure Program (the “Program”). These Terms are between you and (“Websitewalla ,” “us” or “we”). By submitting any vulnerabilities to Websitewalla or otherwise participating in the Program in any manner, you agree and accept these Terms.
The Program enables users to submit vulnerabilities and exploitation techniques (“Vulnerabilities”) to Websitewalla for a chance to earn rewards in an amount determined by Websitewalla in its sole discretion (“Bounty”). Each Service for which Bounties are available has a separate set of terms applicable to that Service (the “Service Agreements”), to include Websitewalla ’s Universal Terms of Service, all of which are incorporated by reference into these Terms. In the event of a conflict between these Terms and the Service Agreements for a particular Service, the Service Agreement control for that particular Service only. The decisions made by Websitewalla regarding Bounties are final and binding. Websitewalla may change or cancel this Program at any time, for any reason without notice.
We may change these Terms at any time without notice. Participating in the Program after the changes become effective means you agree to the new Terms. If you don’t agree to the new Terms, you must not participate in the Program.
If you wish to opt-out of the Program and not be considered for Bounties, contact us at security@websitewalla.com. Opting out will not affect any licenses granted to Websitewalla in any Submissions provided by you.
You ARE eligible to participate in the Program if you meet all of the following criteria:
ATTENTION PUBLIC SECTOR EMPLOYEES: If you are a public sector employee (government and education), all Bounties must be awarded directly to your public sector organization and subject to receipt of a gift letter signed by your organization’s ethics officer, attorney, or designated executive/officer responsible for your organization’s gifts/ethics policy. Websitewalla seeks to ensure that by offering Bounties under this Program, it does not create any violation of the letter or spirit of a participant’s applicable gifts and ethics rules.
You ARE NOT eligible to participate in the Program if you meet any of the following criteria:
There may be additional restrictions on your ability to enter depending upon your local law.
Websitewalla is not claiming any ownership rights to your Submission. However, by providing any Submission to Websitewalla, you:
The decisions made by Websitewalla regarding Bounties are final and binding.
If we have determined that your Submission is eligible for a Bounty, we will notify you of the Bounty amount and provide you with the necessary paperwork to process your payment. You may waive the payment if you do not wish to receive a Bounty.
If there is a dispute as to who the qualified submitter is, we will consider the eligible submitter to be the authorized account holder of the email address used to enter the Program.
Before receiving a Bounty, you are required to complete and submit an Internal Revenue Service tax form (e.g., Form W-9, W-8BEN, 8233) within 30 calendar days of notification of validation. If you do not complete the required forms as instructed or do not return the required forms within the time period listed on the notification message, we may not provide payment. We cannot process payment until you have completed and submitted the fully executed required documentation.
If your Submission qualifies for a Bounty, please note:
To the extent your security research activities are inconsistent with certain restrictions in our relevant site terms and polices but are consistent with the terms of this Program, we waive those restrictions for the sole and limited purpose of permitting your security research under this Program. If your security research involves the networks, systems, information, applications, products, or services of a third party (which is not us), there is a possibility that they may pursue legal action or law enforcement notice. We cannot and do not authorize security research in the name of other entities as such testing is beyond the scope of our Program, and cannot in any way offer to defend, indemnify, or otherwise protect you from any third party action based on your actions. Please contact us at support@websitewalla.com before engaging in conduct that may be inconsistent with or unaddressed by this Program. If in doubt, ask us first.
Other than your Submission, Websitewalla does not consider or accept unsolicited proposals or ideas, including without limitation ideas for new products, technologies, promotions, product names, product feedback and product improvements (“Unsolicited Feedback”). If you send any Unsolicited Feedback to Websitewalla through the Program or otherwise, Websitewalla makes no assurances that your ideas will be treated as confidential or proprietary.
IF YOU DO NOT AGREE TO THESE TERMS, PLEASE DO NOT SEND US ANY SUBMISSIONS OR OTHERWISE PARTICIPATE IN THIS PROGRAM.