You are hacking on: LaunchDarkly

Powered by:

Allows bounty splitting:

Average time to first program response: 21

Average time to bounty awarded null: 13

Average time to report resolved: 20

Handle launchdarkly

Managed program: true

Name: LaunchDarkly

Offers bounties: true

Offers swag: false

Response efficiency percentage: 96

Submission state: open

Url: https://hackerone.com/launchdarkly

Website: https://launchdarkly.com

In scope:

Asset identifier: LaunchDarkly Open Source SDKs

Asset type: SOURCE_CODE

Availability requirement: high

Confidentiality requirement: high

Eligible for bounty: true

Eligible for submissions: true

Instruction: Our SDKs are open source and are available on Github (e.g. [React client SDK](https://github.com/launchdarkly/react-client-sdk)). We encourage researchers to dig into the open source code if interested. However, we will **not** be accepting the following types of findings: - Findings related to non-SDK repositories (i.e., repos not ending in `-sdk`) - Vulnerability/dependency scan results of our source code. Please try and dig into our source code more deeply than just reporting a scan result that we may already be aware of.

Integrity requirements: high

Max severity: critical

Asset identifier: app.launchdarkly.com

Asset type: URL

Availability requirement:

Confidentiality requirement:

Eligible for bounty: true

Eligible for submissions: true

Instruction:

Integrity requirements:

Max severity: critical

Asset identifier: events.launchdarkly.com

Asset type: URL

Availability requirement:

Confidentiality requirement:

Eligible for bounty: true

Eligible for submissions: true

Instruction:

Integrity requirements:

Max severity: critical

Asset identifier: stream.launchdarkly.com

Asset type: URL

Availability requirement:

Confidentiality requirement:

Eligible for bounty: true

Eligible for submissions: true

Instruction:

Integrity requirements:

Max severity: critical