Details

We created GlassWire to help everyday users protect their devices and privacy by monitoring their network activity . The security, data, and privacy of our GlassWire users is our priority. We hope HackerOne will help security researchers report GlassWire software vulnerabilities to us.

Reporting a vulnerability in the GlassWire desktop or mobile software

We will try to review all reported vulnerabilities within 10 business days to see if they qualify for HackerOne recognition. Vulnerability reports require a proof of concept and detailed information on how the vulnerability can cause GlassWire to be misused.
Please use the following guidelines:

We are mainly seeking vulnerabilities in our software (mobile and desktop).
Check for network parser vulnerabilities.
Check for vulnerabilities using fuzzing and binary analysis.
Go to GlassWire settings/server to review its remote access security.
*.glasswire.com minus exclusions below.
Please include detailed instructions on the vulnerability so we can try to reproduce the issue.
Please do not disclose the issue until it has been fixed by GlassWire.
Do not disrupt services for users.
Do not violate the privacy of users or modify their data.

Scope Exclusions

Physical attacks
DDOS, DOS, or Brute Force attacks
Social Engineering
Wordpress/Discourse vulnerabilities
forum.glasswire.com uses Discourse third party software
blog.glasswire.com hosted by Wordpress.com
store. and other shopping pages hosted by our billing company
Vulnerabilities on third party sites
Password complexity reports
Cracks
Software that we do not make or have any control over that falsely claims to be GlassWire
Mailchimp forms
Reports about DLL hijacking without demonstrating how it gains new privileges.
Windows 7 is no longer supported by Microsoft. Please only give Windows 10 examples if possible.

Rewards

We now offer paid bounties for vulnerabilities in our Windows desktop software or mobile software. GlassWire does not offer bug bounties related to our website unless the vulnerability is serious and has real security implications for our users.

Reporting a vulnerability in the GlassWire desktop or mobile software

We are mainly seeking vulnerabilities in our software (mobile and desktop).

Check for network parser vulnerabilities.

Check for vulnerabilities using fuzzing and binary analysis.

Go to GlassWire settings/server to review its remote access security.

*.glasswire.com minus exclusions below.

Please include detailed instructions on the vulnerability so we can try to reproduce the issue.

Please do not disclose the issue until it has been fixed by GlassWire.

Do not disrupt services for users.

Do not violate the privacy of users or modify their data.

Scope Exclusions

Physical attacks

DDOS, DOS, or Brute Force attacks

Social Engineering

Wordpress/Discourse vulnerabilities

forum.glasswire.com uses Discourse third party software

blog.glasswire.com hosted by Wordpress.com

store. and other shopping pages hosted by our billing company

Vulnerabilities on third party sites

Password complexity reports

Cracks

Software that we do not make or have any control over that falsely claims to be GlassWire

Mailchimp forms

Reports about DLL hijacking without demonstrating how it gains new privileges.

Windows 7 is no longer supported by Microsoft. Please only give Windows 10 examples if possible.