Gatego's API Vulnerability Report Program is dedicated to enhancing the security of our platform by incentivizing the identification and reporting of potential cybersecurity vulnerabilities. Participants in this program can receive payouts ranging from $0 to $1,000, determined by the vulnerability's severity based on the Common Vulnerability Scoring System (CVSS).
Participation Agreement
Before submitting a vulnerability report, participants must sign an agreement (attached to this article) that outlines the program's terms, including confidentiality and ethical use commitments. This agreement ensures that all findings are reported responsibly and used to improve platform security. Please send the signed agreement to [email protected] for approval.
Compensation and Criteria
Compensation depends on the vulnerability's criticality, with the company's security team assessing and determining the payout. Vulnerabilities previously reported by others, identified internally, or deemed intended platform functionality are not eligible for payouts. This policy is in place to avoid duplication and reward truly novel findings.
Arbitration and Jurisdiction
In case of disputes, the program stipulates a negotiation period followed by binding arbitration in Texas, adhering to the American Arbitration Association's rules. This clause emphasizes the program's commitment to resolving issues fairly and within a legal framework.
Reporting Integrity
Gatego operates on an honor system, trusting participants to report new vulnerabilities. However, the company reserves the right to determine whether a reported issue has already been submitted. This approach ensures fairness and encourages genuine contributions to the platform's security posture.
If you have any further queries or require assistance, please don’t hesitate to reach out to our support team.