We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
SudoKid Bug Bounty Policy
This Bug Bounty Policy governs the bug bounty program offered by SudoKid Software & Media Inc. (“SudoKid”). You must agree to all of the terms included in this Bug Bounty Policy to claim any privilege under this Bug Bounty Policy. Please review the following terms carefully. If you do not agree with any of the following terms, do not participate in the bug bounty program.
If you have any questions or concerns about this Bug Bounty Policy, please contact us at security@sudokid.software.
1.0 Introduction
Security is core to our values, and we value the input of software developers acting in good faith to help us maintain a high standard for the security and privacy for our users. This includes encouraging responsible vulnerability research and disclosure. This Bug Bounty Policy sets out our definition of good faith in the context of researching and reporting vulnerabilities, and what you can expect from us in return for assisting us in maintaining the security of our products.
2.0 Expectations
When working with us according to this Bug Bounty Policy, you can expect us to:
- timely respond to you and work with you to understand and verify any vulnerability which you discover;
- work to remediate any validated vulnerability in a timely manner; and
- recognize your contribution to improving our security if you are the first to report a unique vulnerability, and your report triggers a code or configuration change.
3.0 In Scope Products
This Bug Bounty Policy applies to the following websites, software and/or services (the “In-Scope Products”) provided by SudoKid:
- sudokid.software
4.0 Your Obligations
To claim any of the Privileges under section 5.0 of this Bug Bounty Policy, you agree to:
- limit your research to only vulnerability research, wherein vulnerability research means testing for the purpose of discovering software bugs which compromise the security of the software;
- limit your vulnerability research to the In-Scope Products;
- report any vulnerability you discover to us by sending an email to security@sudokid.software describing the vulnerability in sufficient detail that we can reproduce and verify the vulnerability;
- report any vulnerability you discover to us within seven (7) days of discovering the vulnerability;
- keep the details of any vulnerability you discover confidential until we have publically disclosed the vulnerability;
- avoid violating the privacy of others, disrupting our systems, destroying data, and/or harming user experience while performing any vulnerability research;
- only access accounts and data which are your own or for which you have express permission from the account or data owner; and
-
if during your vulnerability research you obtain access to any account or data other than
your own or which you have express permission to access, you immediately:
- cease your research;
- permanently delete any unauthorized account information and/or data; and
- contact us at security@sudokid.software describing your research and the unauthorized account information and/or data accessed.
5.0 Privileges
If you adhere to each and every one of Your Obligations under section 4.0, we grant you the following privileges when performing vulnerability research:
- exemption from any restriction in the SudoKid End User License Agreement which is inconsistent with this Bug Bounty Policy and to the extent that the restriction is inconsistent with this Bug Bounty Policy;
- authority to access any SudoKid computer system required to perform your vulnerability research; authority to reproduce, transmit and store any of the In-Scope Products to perform vulnerability research; and
- consent under sections 30.63 and 41.15 of the Copyright Act to assess the vulnerability of the In-Scope Products.
To the extent we are legally permitted, we will not initiate or support any legal action against you for any vulnerability research that is conducted in compliance with this Bug Bounty Policy, or for any accidental, good faith violations of this Bug Bounty Policy.
6.0 Changes to this Policy
The most current version of this Bug Bounty Policy is available at https://sudokid.software/bug-bounty. We may revise this Bug Bounty Policy from time to time. However, changes to this Bug Bounty Policy will not be applied retrospectively, and you may rely upon any version of this Bug Bounty Policy during the time at which it is in force. However, by continuing to rely upon this Bug Bounty Policy, you agree to be bound by the most current Bug Bounty Policy.
If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please contact us at security@sudokid.software before proceeding with any research.