Bug Bounty Program

Last Updated: August 23, 2024


At Ground Control Software Inc., we prioritize the security of our products and the protection of our customers. We encourage security researchers to responsibly disclose any vulnerabilities they find in our systems. To show our appreciation, we offer rewards for valid vulnerability reports through our Bug Bounty Program.

Scope
Our bug bounty program covers vulnerabilities in the following systems:- Ground Control's web application (https://app.gndctl.com)

Out of Scope
The following are considered out of scope for this program:
- Vulnerabilities in third-party services not managed by Ground Control
- Social engineering attacks (e.g., phishing)
- Denial of service (DoS) attacks
- Reports from automated tools or scanners without clear exploitability
- Physical attacks against Ground Control employees or assets

Responsible Disclosure
We require that any vulnerabilities be reported directly to us via email at [itsec@gndctl.com]. The following guidelines should be followed:
- Provide detailed steps to reproduce the vulnerability.
- Do not exploit the vulnerability beyond the proof-of-concept needed to demonstrate it.
- Give us a reasonable amount of time to address the issue before disclosing it to others.

Rewards
Rewards are based on the severity and impact of the vulnerability reported. The final reward amount will be determined at our discretion, with a maximum reward of up to $500.

Eligibility
To be eligible for a reward:
- The vulnerability must be previously unknown and not reported by another party.
- The report must include sufficient information to reproduce the vulnerability.
- You must comply with all applicable laws in connection with your testing and disclosure.

Legal
We will not pursue legal action against researchers who discover and report vulnerabilities in good faith and follow the rules of our bug bounty program.

Conclusion
We appreciate the efforts of the security community in making our products safer. Thank you for helping us protect our customers and improve our services.For any questions or clarifications, feel free to reach out to us at [itsec@gndctl.com]

Back to top