;

Some1's Wall of Fame


Some1 would like to publicly convey our deepest gratitude to the following security researchers for responsibly disclosing vulnerabilities and working with us to remediate them. Your legendary efforts are truly appreciated by Some1.

Rounak Dhadiwal

Shubham Shirse




Some1’s Responsible Disclosure Policy


Some1 understands that protection of user data is a significant responsibility and requires our highest priority. We therefore take the security of our systems extremely seriously, and we genuinely value the assistance of security researchers and others in the security community to assist in keeping our systems secure. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users.

There are a few guiding principles that we would really appreciate researchers adhering to:

Guidelines for Responsible Disclosure

We require that all researchers: If you follow these guidelines when reporting an issue to us, we commit to:

Scope

Out of scope


Any services hosted by third party providers and services are excluded from scope. These services include:

What is a qualifying vulnerability?

Web application vulnerabilities such as XSS, XXE, CSRF, SQLi, Local or Remote File Inclusion, authentication issues, remote code execution, and authorization issues, privilege escalation and clickjacking. The vulnerability must be in one of the services named in the Scope section above. You must be the first researcher to responsibly disclose the vulnerability and you must follow the responsible disclosure principles set out in this policy, which include giving us a reasonable amount of time to address the vulnerability. The reasonable amount of time will be agreed with you following the disclosure of the vulnerability.

What is not a qualifying vulnerability?

Each submission will be evaluated on a case-by-case basis, here is a list of some of the issues which don’t qualify as security vulnerabilities

How to report a security vulnerability?

If you believe you’ve found a security vulnerability in one of our products or platforms please report it by emailing our security team. Please include the following details with your report: