REPORT A SECURITY VULNERABILITY



Lifebit encourages everyone to follow responsible disclosure procedures when reporting security issues in our products, services, websites, or infrastructure. 

We are committed to engaging with anyone reporting security vulnerabilities in a positive, professional, mutually beneficial manner that protects our customers.


Typical Vulnerabilities Accepted:

  • OWASP Top 10 vulnerability categories
  • Other vulnerabilities with demonstrated impact

Typical Out of Scope:

  • Theoretical/unverified vulnerabilities, including scan results
  • Informational disclosure of non-sensitive data
  • Low-impact session management issues
  • Self-XSS (user-defined payload)

 

Important

If you do encounter personally identifiable information, customer data or other sensitive information, contact us immediately, do not proceed with access, and do not retain any copies of such information.

The vulnerability report and all vulnerabilities therein as well as any confidential data accessed pursuant to a vulnerability shall be Lifebit confidential information and you shall (i) protect that information using at least a reasonable degree of care, (ii) not use such information other than to provide such information to Lifebit in connection with this disclosure, and (iii) not divulge to any third person any such information until disclosure is approved in writing by Lifebit.

 

 

Reporting
To report a security bug, please email security@lifebit.ai

 

Vulnerability Disclosure Guidelines

  • Provide a detailed description of a proof of concept that shows how to reproduce the vulnerability
  • Do not engage in disruptive testing such as DoS, or in any action that could impact the confidentiality, integrity, or availability of information and systems
  • Do not engage in social engineering or phishing of customers or employees
  • Do not request compensation for time and materials or vulnerabilities discovered