SECURITY RESEARCH
RESPONSIBLE DISCLOSURE
We value the security research community. Report vulnerabilities responsibly and help us protect our users. Eligible reports may qualify for rewards.
Disclosure Process
1
Discover
Find a potential security vulnerability in G3TI systems or products.
2
Document
Create a detailed report including steps to reproduce, impact assessment, and any proof of concept.
3
Submit
Send your report through our secure submission form or encrypted email.
4
Acknowledge
We'll acknowledge receipt within 24 hours and begin our investigation.
5
Collaborate
Work with our security team to validate and remediate the issue.
6
Resolve
Once fixed, we'll notify you and discuss public disclosure timeline.
Program Scope
In Scope
- ✓G3TI web applications and APIs
- ✓Authentication and authorization flaws
- ✓Data exposure vulnerabilities
- ✓Injection vulnerabilities (SQL, XSS, etc.)
- ✓Business logic flaws
- ✓Cryptographic weaknesses
Out of Scope
- ✗Social engineering attacks
- ✗Physical security issues
- ✗Denial of service attacks
- ✗Third-party services
- ✗Issues requiring physical access
- ✗Spam or phishing attempts
Reward Tiers
Critical$5,000 - $15,000
- RCE
- Authentication bypass
- Data breach
High$2,000 - $5,000
- Privilege escalation
- Sensitive data exposure
Medium$500 - $2,000
- XSS
- CSRF
- Information disclosure
Low$100 - $500
- Minor info leaks
- Best practice violations
Guidelines
Do
- ✓Test only against your own accounts
- ✓Stop testing if you access user data
- ✓Report vulnerabilities promptly
- ✓Provide detailed reproduction steps
- ✓Allow reasonable time for remediation
Don't
- ✗Access or modify other users data
- ✗Perform destructive testing
- ✗Use automated scanning tools excessively
- ✗Disclose before remediation
- ✗Demand payment for disclosure
Submit a Report
Or email us directly at
info@global3technology.com
PGP key available upon request