We are committed to operating a secure and stable platform for all of our users.
We welcome reports of vulnerabilities from researchers related to any part of the Pitchero system, including but not limited to, our websites, and mobile applications.
Provided that vulnerability submissions are made in good faith and follow our reporting process, we do not intend to legally pursue friendly researchers.
We accept submission via email to firstname.lastname@example.org, this will create a ticket within our support system and you will receive a ticket number in response. This should be your reference number for all correspondence.
We aim to acknowledge receipt of your email within 2 business days (Monday-Friday, excluding national holidays).
Internal resource will then be assigned to assess your report. You will then receive confirmation that your report has been verified and our expected timescale to fix the issue.
Please do not disclose your issue publicly until you have received confirmation that the issue has been fixed. Depending on the severity of the issue and internal resource, this may take some time.
Bug bounty programme/remuneration
At this time do we not operate a formal bug bounty program and therefore do not have a budget allocated to this. You should not expect to be paid for the submission of a vulnerability report.
We sometimes offer a monetary goodwill gesture if the report is of significant severity.
Thank you for helping to keep our customers safe.
Last updated August 2020