AngelTrack pays cash bounties for security-related bugs found in the application.
If you find a security-related bug in the AngelTrack product, please call us and claim your reward.
Program Definition
AngelTrack LLC wishes to reward white-hat security researches for their efforts, and encourage responsible disclosure of vulnerabilities.
To that end, AngelTrack LLC pays a bounty for any security-related bugs or vulnerabilities reported to its headquarters, in the reasonable and customary manner for our industry.
The amount of the bounty paid for each confirmed report is subject to the sole discretion of AngelTrack LLC, but will in all cases be at least $100, and not more than $25,000.
No bounty will be paid for issues already reported by others, even if not yet fixed.
NO QUESTIONS ASKED. We will pay a bounty to anyone who responsibly reports a security issue to us.
Limitations
Our security focus is the main AngelTrack product.
Our public website and our training website are not part of the product, instead they are just freestanding Wordpress sites which contain little of value. If you find a bug in our public website or in our training website, we will still pay a bounty for it, but the stakes are low and so the bounty will reflect that. Your reward might just be an extra hour in the ball pit. That said, we have in the past paid as much as $200 for the discovery of a buggy plugin, so if you find something compelling then please call.
Before you begin any tests against our production cluster, call us first. Depending on your plans, we may require you to perform the tests during our scheduled maintenance window, or at least on a Sunday. In any case we want to know when you'll be working so that we can monitor things from our end to augment any discoveries you make. You will still get full credit for any issue that we find as a consequence of your efforts.
Please note, we have many customers, each with their own independent database. It is possible to find a security problem with one particular customer's deployment, which does not affect all other AngelTrack customers. We still want to hear about these problems if you find them, but if the problem is not the fault of AngelTrack LLC, then we will refer the matter to the customer's IT department to be addressed, and we will recommend to them that they pay you a bounty, however we do not guarantee that they will do so.
This the only bug bounty program offered by AngelTrack LLC. We previously had a posting on OpenBugBounty, but got flooded with trivial and duplicate requests about our Wordpress site, and so we had to discontinue the listing.