Algorithmia Blog

Algorithmia Security Bounty Program

For us here at Algorithmia, protecting the privacy and security of our user’s information is a top priority. After some time in development, we are happy to announce that starting today we will be recognizing security researchers for their efforts through a bug bounty program..

A bug bounty program is common practice amongst leading companies to improve the security and experience of their products. This type of program provides an incentive for security researchers to responsibly disclose vulnerabilities and bugs, and allows for internal security teams to respond adequately in the best interest of their users.

All vulnerabilities should be reported via security@algorithmia.com. GPG key available below [1].

Guidelines

We require that all researchers:

 

Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing:

If you follow these guidelines when reporting an issue to us we commit to:

 

Scope:

 

Any component developed by us under Algorithmia.com is fair game for this bounty system except individual algorithms created by our users.

Out of Scope:

Any services hosted by 3rd party providers and services are excluded from scope.

 

In the interest of the safety of our users, staff, the Internet at large, and you as the security researcher, the following test types are excluded from scope and not eligible for a reward:

Things we do not want to see:

Personally identifiable information of users (PII) that you may have found during your research.

[1]

—–BEGIN PGP PUBLIC KEY BLOCK—–

Version: GnuPG v1

mQENBFU8HlYBCACm2TJ4/kaP10G/dpfeLlzWCsJ1zrbehUg/G3mzzN2vSXKNCK0KY5ZRmSHlMAoF9ZINpSlQCafDHIbVqqQnRZ6/VrG9hLc0avn9o8vgtkMfKFDVYozr1yz7GiGDqANaXS4B2xzJncZi3WFaslYOGFx2ctDEgBFGKilhoVaejA9EjcubMKvOVmtLkBTvTz0WTGasBxP0689httGBn/5P2yz+HT7ei3FiDa842ekgw1Ak699AVMrb7CtHpiyS8kTW/KGfrsmwEqWLKC46X/VjAdtKB994RIFN1BMJbza0i16N3rM/8+kVU8yDRm1S5w9gopQHUETVsTrOtoK40SHpYIRhABEBAAG0L0FsZ29yaXRobWlhIFNlY3VyaXR5IDxzZWN1cml0eUBhbGdvcml0aG1pYS5jb20+iQE+BBMBAgAoBQJVPB5WAhsDBQkFo5qABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAxFOOGF4jSHdT6B/4wKb+fPYdoOnBjLnz1NgHlEXoP4462Hn5YgYGTi3l9spimnkATYuIVCK1Q80iFJgV8V8TpC2e4XnsdeG7yFPSfHUg3dMikokz3bIfLsAuMj3dML7cp4nRVHlrr28zlC+HRgr9dp7wn4BOfD2qv3q3lknwscygHOCc4pzD7LmB36pzL0BA8M0p31xp+oVMH6zD2OrLws8bUvouxLTzXqtmQFOEt072CS85rXKKYVrDs4/pXgAEtpCcr6xJRcnDKKsdNFoYJDlaUTzD+mzobNYXb45rzB2JsNssQEH2SB6zV9ZLBfQGUe0iF35hNVe3ZceQLuNRbjSR2M913OLEmAUXvuQENBFU8HlYBCADThh+5DXgb6BOHi2TeO58QemL18mzqffRhlyrND+zYvLxwES2c4OoEWfXCGU7vPvtC5x855r8vx+ERVUxx7o+2DzSJU3AQ56YOqDaF55KcJtlfRIT2Xww+9Dl7bO9vL+piFmEMnvNPMUjy7mZm5Zmj3RN+0oewWVgzDrcRMz87SzXRYA2q0K3SlLIiaHD3KtD0lQILIvS9pvkcoNUcxV8pkbYRlQQPhIyxW+9kte+aru8kAfJwqhvrieo6OKscUJWYfX/ORms4iKVCcebfw0R5UmLBRsKKyQ2eIVU0q1UP0F+28YEFbLQlDo25PSD/N3gKnD1thkxqK/33UjDGVLyxABEBAAGJASUEGAECAA8FAlU8HlYCGwwFCQWjmoAACgkQMRTjhheI0h0XFwf7BkgEjHOE5YV8dqFVOC0K3RG8/Ppg63e+KdKO/9cx0gi/LB5O7jVA5m5XeQn2NPVzfr6NcUHjxP15aBu0zOD3ZN7tMNmsAGYMO8QPZIXjgvlWFTYklbxrSI5QEL914ZELdEfIHy1UYO2AoPUAkQCsNOvDhY6URHktLJtFYBUOzFKlDLDkX5Wv+hahG3OZ6XmPN40yeKfug/uO56eMtDDKmm2caQDs3awRUPDJ/EDgPi4Mtx55lHUcZ3bbzGMhIdVS2U8jCiox3IpMm1IogqOek3EBHRkvyeWZafbkqAX7YQwqS6SvjUtIvU/nHWVPdx9KpWggcgkEVs5GTw4VY6pFtA===EMqo
—–END PGP PUBLIC KEY BLOCK—–