DarkHorse

Engagement Summary






Status: Live
Start Date: July 22, 2024, 10:34 a.m.

Introduction



Thanks so much for visiting our VDP page! Nobody is perfect, and we won't pretend we are either. We're sure there are things we missed as we built DarkHorse (though we do hope they're minor in severity), and would love to know about them. Please use this disclosure program to report any issues you are able to identify! We're currently operating on a very tight budget, so we're not able to guarantee any rewards, but we'd love to honor your contribution in some way (whether with a shout out or some other means)!

Testing Guidance



This Responsible Vulnerability Disclosure Program is a submission portal where you can responsibly report security vulnerabilities that you've identified against assets belonging to our organization.

Note that reporting vulnerabilities here does not entitle the reporter to any compensation. We also request that, as part of your responsible disclosure, if you intend to publish your work here, you coordinate with us on timing, patching, and so forth, so as not to jeopardize our organization or userbase.

If you have any questions, please reach out, and we'll do our best to reply.

Note that this form is only for reporting security vulnerabilities. Please DO NOT submit any support inquiries, UI/UX issues, etc. Furthermore, please DO NOT include any sensitive information in your report (personal emails, account numbers, credit cards, etc.). Thank you for helping keep us and the internet secure!

Assets


Default Target Group

Asset: DarkHorse
Location: Any asset demonstrably belonging to DarkHorse

Notes



Notes for tester:
No credentials are provided, but you may self-provision as many tester and client creds as you need (though please keep it to fewer than ten in total). You may not steal, borrow, or use leaked credentials to perform testing, though you may report leaked credentials as an independent security concern.

Areas of focus:
Anything that could result in a bad actor gaining access to files or information that they shouldn't otherwise have access to!

Do-NOT-Touch areas:
Please don't create spam or test for DDoS. Additionally, please only target accounts that you own. Please don't target accounts belonging to other testers or organizations.

Safe Harbor



When you conduct vulnerability research according to this policy, we consider that research to be:

  • Authorized concerning any applicable anti-hacking laws, and we will not initiate or support legal action against you for accidental, good-faith violations of this policy;
  • Authorized concerning any relevant anti-circumvention laws, and we will not bring a claim against you for circumvention of technology controls;
  • Exempt from restrictions in our Terms of Service (TOS) and/or Acceptable Usage Policy (AUP) that would interfere with conducting security research, and we waive those restrictions on a limited basis; and
  • Lawful, helpful to the overall security of the Internet, and conducted in good faith.

You are expected, as always, to comply with all applicable laws. If legal action is initiated by a third party against you and you have complied with this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please submit a report through one of our Official Channels before going any further.

Note that the Safe Harbor applies only to legal claims under the control of the organization participating in this policy, and that the policy does not bind independent third parties.


© 2024 DarkHorse Security, LLC. DarkHorse: Let's Ride. All rights reserved.