If you believe you have discovered a bug in Radar's security, please contact us at [email protected]. By submitting a report, you acknowledge understanding of, and agreement to, this Vulnerability Disclosure Policy.
We operate a reward program for responsibly disclosed vulnerabilities. A reward may be provided for the disclosure of qualifying bugs, depending on severity. Radar rewards the confidential disclosure of any design or implementation issue that could be used to compromise the confidentiality or integrity of our clients' or our clients' end users' data.
As with most security reward programs, we ask that you use common sense when looking for security bugs. Vulnerabilities must be disclosed to us privately with reasonable time to respond, and avoid compromise of other clients' or end users' data. We do not reward denial of service, spam, or social engineering vulnerabilities. Although Radar itself and all services offered by Radar are eligible, vulnerabilities in third-party applications that use Radar are not.
We request that you do not publicly disclose the issue. The team will review your report to ensure compliance with this policy. If your submissions is determined to be out of scope, it will be closed without action.
We will provide a status update once we have validated the submission and if we have decided to move forward. Please note that contacting our team to inquire about status of a submission will disqualify you from receiving a bounty for that submission. This includes posting on social media regarding a submission.
As with most security reward programs, we have a few restrictions:
The following types of submissions are NOT eligible for a reward: