Goodgrade.ai Bug Bounty Program

Goodgrade LLC

Updated: May 17, 2024

Introduction

Welcome to the Goodgrade.ai Bug Bounty Program! We appreciate your efforts in helping us maintain the security and integrity of our platforms. This program is designed to reward individuals who report vulnerabilities in our systems responsibly.

Program Scope

Our bug bounty program covers:

  • The Goodgrade.ai website (www.goodgrade.ai)
  • Goodgrade.ai mobile applications on iOS and Android

Vulnerability Severity Classification & Rewards

  • Critical ($100): Remote code execution, significant data breaches, and full system access.
  • High ($75): SQL injection, and access control issues that lead to unauthorized access to sensitive data.
  • Medium ($40): Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF).
  • Low ($15): Minor issues with no significant security impact whose remediation would nonetheless improve the system's robustness.

How to Report a Vulnerability

If you have identified a potential security issue, please report it to us by sending a detailed email to security@goodgrade.ai. Your report should include:

  • A detailed description of the issue.
  • Steps to reproduce the problem.
  • Any relevant screenshots or additional information that would help us understand the scope and impact of the vulnerability.

Response and Resolution

We aim to acknowledge receipt of your report within 48 hours. Our team will evaluate the report and work diligently to address the issue swiftly and appropriately. We ask that you do not disclose the bug to the public until it has been resolved.

Legal Safe Harbor and Terms

Participants in this program are required to comply with all applicable laws and regulations. Before you engage in testing, be aware that:

  • Authorization: By participating in the Goodgrade.ai Bug Bounty Program, you affirm that all of your testing is performed in good faith and solely to identify potential security issues. You must not engage in any activity that could harm the performance or availability of our services.
  • Disclosure: Public disclosure of the vulnerability without express consent from Goodgrade.ai is prohibited. We aim to work collaboratively with security researchers to understand and remediate verified vulnerabilities.
  • Data Handling: During your research, avoid accessing or modifying data that does not belong to you. If Personally Identifiable Information (PII) is encountered, you must cease testing immediately and report the issue.
  • Compliance with Laws: You are solely responsible for ensuring that your actions comply with applicable laws and regulations, including but not limited to anti-hacking laws. If your security research and testing involve jurisdictions with different laws, it is your responsibility to adhere to all such legal requirements.

Goodgrade.ai and its designated representatives reserve sole authority to classify the severity of reported vulnerabilities and to determine whether a report is eligible for a reward. Decisions by Goodgrade.ai on classification and reward eligibility are final and binding. Participants in this program are expected to respect these decisions and to understand that the primary goal of the program is to enhance the security of our services in a collaborative and respectful manner.

Thank You

We sincerely appreciate your contribution to the security of Goodgrade.ai. Your efforts help us ensure the safety and privacy of all our users.