Acrolinx vulnerability reward program


Thank you for coming here to securely and ethically report vulnerabilities you’ve identified in Acrolinx’s information system(s). We appreciate your contribution to our information security program and promise to review, analyze, and respond to your report.

Please note that your submission is governed by the following conditions and rules. By submitting the report, you consent to these rules:

Services in scope

  • Acrolinx company website
  • Other Acrolinx public websites

Rules and terms 

  1. Be the first one to report the issue to us. Only the first reporter will be recognized.
  2. Don’t attempt to use social engineering, spam, or distributed denial-of-service (DDoS) attacks.
  3. Any bug disclosure communications with Acrolinx’s Security Team are to remain confidential. Researchers must destroy all artifacts created to document vulnerabilities (videos, screenshots) after the bug has been disclosed to Acrolinx and Acrolinx has responded to the disclosure.
  4. Zero-day vulnerabilities or recently published CVEs will not be considered eligible unless more than 90 days have passed since patch availability.
  5. Your report must contain sufficient information including a proof-of-concept screenshot, video, or code snippet where needed and a step-by-step description to reproduce the vulnerability.

Please send your reports by email to Infosec.Report@acrolinx.com and encrypt them using our public PGP key HERE.

Please always provide the following information in addition to your report:

  • Reporter’s Name
  • Reporter’s Email
  • Vulnerability Type 
  • Vulnerability Description
  • Domain/SubDomain or a System Identifier
  • Steps to Reproduce

Acrolinx, during the analysis of the report, may need to contact you for further information.

Please note that Acrolinx is currently able to pay out monetary honoraria only via bank transfer.

Upon completion of our analysis, Acrolinx may in its sole discretion and subject to all applicable laws and regulations, issue the reporter a monetary honorarium as a gesture of appreciation. The amount of a reward will be based on, but not limited to, the quality of the report, difficulty in identifying the vulnerability, our severity rating of the vulnerability, the impact and likelihood of an exploit, your cooperation with the investigation including responses to follow-up questions, and the value of the data assets on the affected system(s). Acrolinx commits to treating all legitimate and bona fide reports, made in good faith, with professionalism and respect.

Some vulnerabilities may require in-depth investigation and the engagement of security professional(s). For that reason, please allow us 15 days to respond before sending an inquiry on the report.
