Hello, researcher!

Protecting our community’s privacy and security is among our highest priorities. Help us track down vulnerabilities and get paid a bounty.

We invite security researchers to investigate vulnerabilities in TREBEL, so long as your research follows this responsible research and disclosure policy.

✅ What you need to do

Avoid harm or risk to TREBEL, our users, or third parties.
Don’t disclose without our agreement.
Report through a legitimate channel.

❌ What you can't do

No privacy violations.
No deletion or damage of resources.
No lasting harm.
Nothing that degrades our service.
No creation or sharing of inappropriate content.
No targeting our staff, investors or physical environment.

How we'll respond

If you follow these guidelines we commit to:

Not pursuing or supporting legal action related to your research.
Working with you to understand issues, and resolve them if TREBEL considers it necessary.
Taking steps to make it known that your actions were conducted in compliance with these guidelines if a third party initiates legal action against you in connection with activities in our programs scope.

Rewards

As part of encouraging security researchers to put our security to the test, we offer a variety of rewards for doing so if:

The reported vulnerability is verifiable
It hasn't been reported already
You've conducted your activities in a manner consistent with our guidelines

Rewards are provided at TREBEL's discretion based on the severity of the bug and the quality of the report.

Report a vulnerability

Summary Title

Submission title

Technical Severity

VRT Cateogry

Vulnerability details

URL / Location of vulnerability (optional)

For example: https://secure.server.com/some/path/file.php

Description

Describe the vulnerability and its impact. Provide a proof of concept or replication steps. Maximum 10,000 characters.

Trace dump / HTTP request (optional)

Any additional information? (optional)

Maximum 10,000 characters.

Email

Researcher email (optional)