Our security team constantly works at keeping customer information secure. We recognize the important role that independent security researchers and our user community play in helping to keep Actility and its users secure. If you discover a vulnerability, please notify us using the guidelines below.
Actility will pay a bounty for certain security bugs, as detailed below. All security bugs should follow the following general criteria to be eligible:
The bounty for a valid and potentially exploitable security vulnerabilities will be between 50€ and 200€ cash reward. The bounty program encourages the earliest possible reporting of these potentially exploitable bugs.
We reserve the right not to pay bounties for security bugs in or caused by additional third party software.
To claim a bounty:
– Make sure you have a Yogosha account
– If you don’t have a Yogosha account, claim one and mention “Actility” in the “message” field of your application.
– File a bug at Yogosha describing the security issue
– Attach a “proof of concept” and rate your Bug’s criticality using CVSS.
Please be available to follow along and provide further information on the bug you discovered as needed, and work with Actility’s engineers in reproducing, diagnosing, and fixing the bug.