Bug bounty program
Reward program for detecting bugs and vulnerabilities in ISPsystem products.
We value the efforts of bug hunters as they help us improve our developments. This is why we have launched the reward program for verified bugs and vulnerabilities.
It takes a couple of clicks to participate in the program. It is crucial though that the request for participation meets the outlined criteria and that the participant has duly finalized the report and accepted the offer.

Types of bugs





The procedure for finalizing messages
Rules
and exceptions
Bugs that have been made publicly available, do not participate in the Program.
Information about bugs shall be deemed confidential and not be subject to disclosure without vendor's consent.
The reward shall only be payable once the vulnerability of the products has been addressed but not later than within a week from the date of application.
In order to search for vulnerabilities a participant of the program is entitled to use only those products that he/she owns personally. This is to make sure that we do not review problems that have caused damage to third party installations through participant’s actions.
We do not review cases where administrator has intentionally compromised the security of his/her server (for example, left its password exposed in each user’s home directory).
We do not review cases of a server artificial denial resulting from superfluous requests with a lengthy data, considering it a typical example of DDOS attack.
Former and active employees of the company as well as their relatives cannot participate in the Program.
In case of a problem that causes utilization of more resources than those available under a license purchased from ISPsystem (breach of ISPsystem license agreement). We do not review solutions based on modifications of executable files included in the product.
Found a bug?
Fill out a short form to receive your reward
