PAJ GPS

Program Ground Rules Don’t mass create accounts to perform testing against our applications and services. Don’t conduct automated testing - under no circumstance is automated testing allowed and will result in disqualification of the security bug(s). Don’t engage in social engineering (e.g. phishing, vishing, smishing). Don’t attempt to extort us. Don’t leave any system in a more vulnerable state than you found it. Don’t publicly disclose vulnerabilities. Do respect our users’ privacy. Do research vulnerabilities and disclose vulnerabilities to us in good faith. Do be respectful when interacting with our team.

General Principles Take responsibility and act with extreme care and caution. When investigating the matter, only use methods or techniques that are necessary in order to find or demonstrate the weaknesses. Do not use weaknesses you discover for purposes other than your own specific investigation. Do not use social engineering to gain access to a system. Do not install any back doors – not even to demonstrate the vulnerability of a system. Back doors will weaken the system’s security. Do not alter or delete any information in the system. If you need to copy information for your investigation, never copy more than you need. If one record is sufficient, do not go any further. Do not alter the system in any way. Only infiltrate a system if absolutely necessary. If you do manage to infiltrate a system, do not share access with others. Do not use brute force techniques, such as repeatedly entering passwords, to gain access to systems. Do not use Denial of Service (DoS) type of attacks to gain access

Frequently-asked questions Will I receive a reward for my investigation? You are entitled to any compensation, contact us via e-mail.