Vulnerability Disclosure Program (VDP)

Introduction

ChartMogul is committed to the security of our customers and their data. We work with security researchers worldwide to keep our platform safe. If you have discovered a security issue affecting our services, please let us know, and we'll act immediately.

We support Coordinated Vulnerability Disclosure as our bi-directional communication framework with security researchers.

This program describes how ChartMogul works with the security community to find and responsibly report security vulnerabilities.

Currently, we do not have a bug bounty program and do not offer monetary rewards for vulnerability reporting.

Scope

Conditions

Security researchers must not:

Issues Not to Report

The following is a non-exhaustive list of issues that you should not report unless you believe there is an actual vulnerability:

How to Submit a Vulnerability

Please submit vulnerability reports to ChartMogul’s Security Team at security@chartmogul.com.

Recognition

ChartMogul may publicly recognize authors who report valid vulnerabilities on our upcoming Hall of Fame page at our sole discretion.

Safe Harbor

ChartMogul will not take legal action against security researchers who submit vulnerability reports following the terms and conditions of this program. However, failure to abide by the terms and conditions of this program will result in the loss of being considered a security researcher hereunder.

ChartMogul reserves the sole right to terminate or modify the terms and conditions of this program at any time. By reporting a security vulnerability to ChartMogul, you agree to the then-current terms and conditions of this program and Terms of Service, Privacy Policy, and any other public policies of ChartMogul.

Updated: May 25, 2023