Welcome to Discover Responsible Disclosure
If you responsibly submit your findings to Discover in accordance with these guidelines, Discover agrees not to pursue legal action against you. Discover reserves all legal rights in the event of noncompliance with these guidelines.
- Responsible Disclosure Policy:
This page is for security researchers interested in reporting application security vulnerabilities.
If you have reported an issue that is determined to be within program scope and to be a valid security issue, and you have followed program guidelines, Discover will recognize your finding and you will be allowed to disclose the vulnerability after a fix has been issued.
- Typical Vulnerabilities Accepted:
- OWASP Top 10 vulnerability categories
- Other vulnerabilities with demonstrated impact
- Typical Out of Scope:
- Theoretical vulnerabilities
- Informational disclosure of non-sensitive data
- Low-impact session management issues
- Self-XSS (user-defined payload)
For a full list of program scope please visit the Responsible Disclosure details page.
- Responsible Disclosure Guidelines:
- Work directly with Discover on vulnerability submissions
- Provide a detailed description of a proof of concept that shows how to reproduce the vulnerability
- Do not engage in disruptive testing like DoS or any action that could impact the confidentiality, integrity or availability of information and systems
- Do not engage in social engineering or phishing of customers or employees
- Do not request compensation for time and materials or vulnerabilities discovered