At TNW, we appreciate the effort of the community and our readers to help us find security issues and vulnerabilities in our site. These vulnerabilities include (but not only):
- User data leaks.
- CSRF exploits.
- Cross-site scripting.
- Access into secured areas of the website.
- SQL injection.
- Remote code execution.
Some things we won’t consider (sorry) are:
- Bugs that do not represent any security risk.
- Software version disclosure.
- Results of automated tools or scanners.
- Missing security-related HTTP features which do not lead directly to a vulnerability.
- Denial of Service and brute force attacks.
- Upstream bugs (WordPress core, for example). They should be reported here instead: https://make.wordpress.org/core/handbook/testing/reporting-bugs/
If you think you’ve found one of these vulnerabilities or exploits, please get in touch as soon as possible with us at firstname.lastname@example.org. We’ll take a look at the problem, and if we acknowledge the issue, we’ll offer you a coupon to spend in our online marketplace deals.thenextweb.com.
Of course, some conditions apply:
- Share with us the full details of any problem found, including steps to reproduce it.
- Do not tell anyone else about the issue until we’ve acknowledged and fixed the issue.
- Do not intentionally harm the experience or usefulness of the service to others.
- Do not access, modify or damage any data belonging to others.
In short, only “White Hat” behaviour will be rewarded. Happy hacking!