Responsible Disclosure

Bench IQ welcomes and encourages security research reports regarding vulnerabilities in our systems. We do not prosecute people who discover and report vulnerabilities to us responsibly and according to the guidelines below. We treat all reports seriously and with high priority.

Guidelines

  • Please avoid any privacy violations and any degradation or disruption of our production systems during your testing. This includes any activity that has an impact on the availability of our systems.

  • Do not attempt to brute-force or spam our systems. Specifically, please avoid the use of automated vulnerability scanning tools.

  • Never exploit a vulnerability you discover to view data or alter data without authorization.

  • Please keep any disclosed information confidential between yourself and Bench IQ until we resolve the issue. We will make our best efforts to fix issues in a short timeframe.

Scope

The following are in scope as part of our Responsible Disclosure Program:

Vulnerability Submissions

Please report any security issues you find to [email protected].

Please include the following in your submission:

  • Your name and contact information

  • Company name (if applicable)

  • A detailed description of the potential vulnerability

  • Exact steps to reproduce the issue, including any associated URL and parameters demonstrating the vulnerability.

  • Any relevant details of your system’s configuration, such as any browser or user-agent information.

  • Your IP address and Bench IQ account, to coordinate with our logs.

Reward

A reward may be awarded after verifying that the vulnerability is reproducible, unique, and has an impact on our customers. Each submission will be evaluated case-by-case. The decision and amount of the reward will be at Bench IQ’s discretion.

Thank You

We sincerely thank you for disclosing responsibly and working with us to improve our security. We understand the work and talent you've put into finding these issues and appreciate you reaching out to us.