Bug Bounties


Powered by: 

Allows bounty splitting: 

Average time to first program response: 6

Average time to bounty awarded null: 

Average time to report resolved: 118

Handle lacework

Managed program: true

Name: Lacework

Offers bounties: false

Offers swag: false

Response efficiency percentage: 90

Submission state: open

Url: https://hackerone.com/lacework

Website: http://www.lacework.com

In scope:

  • Asset identifier: *.lacework.net
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical

  • Asset identifier: www.lacework.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: none
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: Our website is hosted externally by WPEngine. Issues within this application or regarding our content should be reported here. No security testing should be done against the platform itself. Any security issues found within the platform should be reported [directly to WPEngine](https://hackerone.com/wpengine). Exclusions: * Reports of xmlrpc.php being enabled will not be accepted without a POC of a actual exploit. * Reports of user enumeration or information disclosure via `/wp-json/wp/v2/users/` will also not be accepted as this is by design in the Wordpress platform and used to populate information about post authors.
  • Integrity requirements: low
  • Max severity: high