At Tilaa, we take the security of our products and services very seriously. We understand the importance of identifying and addressing vulnerabilities and security issues promptly to protect our customers and users. While we greatly appreciate the efforts of security researchers and ethical hackers who work to improve the security landscape, we regret to inform you that we do not currently offer a bug bounty program.
Why we don't have a Bug Bounty program:
1. Internal Security Team:
At Tilaa, we maintain a dedicated internal security team that is responsible for continuously monitoring and assessing the security of our systems, applications, and infrastructure. This team is well-equipped to handle security vulnerabilities and incidents promptly.
2. Responsible Disclosure:
We encourage responsible disclosure of security vulnerabilities. If you discover a security issue within our products or services, we kindly request that you report it to us directly. We are committed to working with the security community to address and resolve any vulnerabilities in a responsible and efficient manner.
3. Resource Allocation:
We allocate resources and efforts towards proactive security measures and continuous improvement of our security posture. While we appreciate the contributions of security researchers, we focus on maintaining a robust security framework within our organization.
4. Legal and Liability Concerns:
Implementing a bug bounty program involves legal and liability considerations that require careful planning and management. By not having a bug bounty program, we can avoid potential legal complexities and challenges.
How to Report a Security Issue:
If you discover a security vulnerability within our products or services, we appreciate your responsible disclosure. Please follow these steps to report the issue:
1. Contact our Support Team:
Send an email to firstname.lastname@example.org with detailed information about the vulnerability, including steps to reproduce it, any potential impact, and any supporting evidence.
2. Sensitive data:
Please do not send sensitive data, such as Personally Identifiable Information, but instead report that you have found sensitive data.
3. Response Time:
Our Support team will acknowledge your report and work to validate and address the issue as quickly as possible. We will keep you updated on our progress throughout the resolution process.
While we do not have a bug bounty program, we greatly value the contributions of the security community. Depending on the severity and impact of the vulnerability, we may offer recognition or thanks in our security advisories or public acknowledgments.
At Tilaa, we prioritize the security and privacy of our customers and users. While we do not operate a bug bounty program, we encourage responsible disclosure and are committed to addressing security vulnerabilities promptly and effectively. We appreciate the support of the security community in helping us maintain a secure environment for all our stakeholders.