Hello, researcher!
Protecting our community’s privacy and security is among our highest priorities. Help us track down vulnerabilities and get paid a bounty.
We invite security researchers to investigate vulnerabilities in TREBEL, so long as your research follows this responsible research and disclosure policy.
✅ What you need to do
- Avoid harm or risk to TREBEL, our users, or third parties.
- Don’t disclose without our agreement.
- Report through a legitimate channel.
❌ What you can't do
- No privacy violations.
- No deletion or damage of resources.
- No lasting harm.
- Nothing that degrades our service.
- No creation or sharing of inappropriate content.
- No targeting our staff, investors or physical environment.
How we'll respond
If you follow these guidelines we commit to:
- Not pursuing or supporting legal action related to your research.
- Working with you to understand issues, and resolve them if TREBEL considers it necessary.
- Taking steps to make it known that your actions were conducted in compliance with these guidelines if a third party initiates legal action against you in connection with activities in our programs scope.
Rewards
As part of encouraging security researchers to put our security to the test, we offer a variety of rewards for doing so if:
- The reported vulnerability is verifiable
- It hasn't been reported already
- You've conducted your activities in a manner consistent with our guidelines
Rewards are provided at TREBEL's discretion based on the severity of the bug and the quality of the report.