Bug Bounty Program
As part of our commitment to security at Avantra, we reward researchers who share the details of critical security issues within our Software with us. We make it a priority to resolve confirmed issues as quickly as possible in order to best protect our customers.
Reported issues must adhere to the following criteria:
Relate to Avantra software products
Be completely disclosed to the Avantra team including steps to reproduce
Our team must be able to reproduce the disclosure in our lab using a standard configuration
The reported issue must be new (not already disclosed to Avantra)
The researcher must keep the details of the issue confidential until we have had a chance to reproduce, analyse and issue a fix to our customers*
The researcher must provide valid contact information for us to reach out and discuss or clarify the information provided.
These eligibility rules are meant to protect our customers until an update is available, ensuring Avantra can verify reports, create necessary updates and correctly reward those doing original research.
Bounty categories and payments
* We typically try to adhere to the industry standard of a 90-day non-disclosure period to allow for sufficient time to rectify the issue.