Responsible Disclosure Policy

Rollbar aims to keep its Services safe for everyone, and data security is of utmost priority. If you are a security researcher and have discovered a security vulnerability in the Services, we appreciate your help in disclosing it to us in a responsible manner.

Rollbar will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate, respond to and fix vulnerabilities in accordance with our commitment to security and privacy. We won't take legal action against or suspend or terminate access to the Services of those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. Rollbar reserves all of its legal rights in the event of any noncompliance.

Capitalized terms used in this Responsible Disclosure Policy and not otherwise defined have the meaning ascribed to such terms in our Terms of Service.

Testing:

You may test only against an Account for which you are the Account owner or a Member authorized by the Account owner to conduct such testing. In no event are you permitted to access, download or modify data residing in any other Account or that does not belong to you or attempt to do any of the foregoing. You are also prohibited from:

Reporting:

Share the details of any suspected vulnerabilities with the Rollbar Security Team by sending an email to security@rollbar.com. Please do not publicly disclose these details without express written consent from Rollbar. In reporting any suspected vulnerabilities, please include the following information:

Compensation Requests:

Requests for monetary compensation in connection with any identified or alleged vulnerability will be deemed noncompliant with this Responsible Disclosure Policy.

Our Commitment:

If you identify a verified security vulnerability in compliance with this Responsible Disclosure Policy, Rollbar commits to:

Contributors:

Rollbar thanks the following individuals and organizations that have identified security vulnerabilities in accordance with this Responsible Disclosure Policy:

2017
Huy Kha http://twitter.com/huykha10
Zeel D. Chavda https://www.linkedin.com/in/chavdazeel/
Swapneil Kumar Dash https://www.linkedin.com/in/swapneil-dash-7256a5b0/
Muhammad Uwais https://twitter.com/muhd_uwais_
Nitesh Sharma https://www.linkedin.com/in/niteshusharma/
Shuaib Abidemi Oladigbolu @_sawzeeyy
Pethuraj M https://www.linkedin.com/in/pethu
Raja Uzair Abdullah https://www.facebook.com/RajaUzairAbdullah

2016
Deepali Malekar @cyndrela2009
Guilherme Scombatti @gui_scombatti
Mohammed Kaja Nawaz L J @nawazlj

2015
Pradeep Kumar https://www.facebook.com/pradeepch99
Shahmeer Amir maadssec.com
Manjesh S @Manjesh24
Manikandan Rajakumar @Mani22cars
Varun Chowdary exploitthesecurity.com
Hammad Qureshi and Huzaifa Jawaid @TheHmadQureshi
Mohammad Naveed https://www.facebook.com/Naveed.infosec
Osama Ansari @AnsariOsama10
Hussain Adnan Hashim @Hussain_infosec
Ranjeet Singh https://www.facebook.com/ranjeetsinghofficial
Indrajith.AN https://www.facebook.com/indrajith.cyberXdestroyer
Rafael Pablos http://silverneox.blogspot.com
Osama Mahmood http://osamamahmood.blogspot.com
Dushyant Sahu
Sai Shanthan Palvai @NahtnahS
kalpesh makwana https://www.twitter.com/makwanakalpesh2