Storyhunter Security Policies

Vulnerability Disclosure Policy

Storyhunter accepts reports of security vulnerabilities through HackerOne, or at security@storyhunter.com if you are not a member of the H1 program. We do not currently offer public bounties for the disclosure of vulnerabilities.

We are committed to responding to and addressing vulnerability reports promptly. We ask that you do not disclose any vulnerability you may discover until you have notified us and allowed adequate time to respond to the issue.  The amount of time required to respond may vary depending on the scope and nature of the report.

When submitting a vulnerability report please include:

  • Your full name
  • Your contact information (email, phone)
  • Affected properties or services
  • Technical details including steps to reproduce
  • A brief explanation of why you believe this is a security vulnerability
  • How did you discover the issue?
  • Any information you have about the public availability of information related to this issue

Research activity conducted in a professional manner that Storyhunter deems consistent with industry best practices and our stated guidelines will be considered authorized conduct by Storyhunter. Specifically, Storyhunter considers the following activities to be un-authorized:

  • Any attempt to exploit vulnerabilities in a way that impacts the safety or security of our users
  • Any activity that would be reasonably expected to impact the availability or integrity of services (DoS, physical attacks, etc.)
  • Any attempt to utilize exploits beyond what is necessary to discover and verify the vulnerability

Thanks, we appreciate your contribution to the security of our users and our services.