At Automox, we deeply value the importance of security research and the significant contributions it makes towards a secure future. With this in mind, we have established our Vulnerability Disclosure Program (VDP) as a secure and transparent avenue for the public to report any vulnerabilities they may uncover in our products or services.
What you can expect from Automox
You can expect the following from Automox when participating in the program:
What Automox requires of you
Rules of engagement
List of Banned Tools
The following tools are explicitly banned from use in our environment. Automox will update this list from time-to-time, so be sure to validate against the current list before using any new tool.
Please email email@example.com to report a vulnerability. By sending an email, you confirm that you meet the requirements of Automox's VDP. Include the following details within your report:
What not to do:
In-scope Systems and Services
Out of scope
The following domains identified here are considered out-of-scope and are not authorized for testing.
Vulnerabilities discovered or suspected in out-of-scope systems should be reported to the appropriate vendor or applicable authority.
Automox may offer a monetary reward for findings that identify a vulnerability that presents a significant business impact to our products, systems or services. Eligibility for monetary recognition is determined by calculating the internal severity of a finding against the potential impact to Automox and our customers. Monetary rewards for qualifying findings will range from $100 to $5000. We reserve the right, in our sole discretion, to determine if a vulnerability disclosure qualifies for a monetary reward.
If your report is determined to be valid and significant, the following rules apply:
Any activities conducted in a manner consistent with this program will be considered authorized conduct and we will not initiate legal action against you.