Practical Data embraces the idea that we all human. Mistakes will be made, but we can rely on each other to make the world a better place. Our vulnerability reporting program provides a path for security researchers and freelancers to report issues and potentially receive a reward for their contribution to the ongoing security of our services.
Practical Data uses Bugcrowd's Vulnerability Rating Taxonomy (https://bugcrowd.com/vulnerability-rating-taxonomy) as our initial guide for prioritizing and classifying vulnerabilities. Please note that this is used as guide for classification, but our team will ultimately determine the priority and severity of any reported issues.
Please email us at vulnerability@practicaldata.com"
Many sites/domains use our PD/ONE services. Reports relating to the security of any of our services running on those sites should be reported here. You may have reached this page after being referred by a site (domain) that uses our software. Please work directly with us to report your vulnerability. In the event that the reported vulnerability is not related to our software, we will refer the issue to the site in question so that they can handle it or refer it to the correct partner.
To be eligible, you must provide a demonstrable security issue with example code to reproduce the issue. Qualifying issues include:
Based on the severity of the bug (based on our sole discretion), we offer the following rewards:
Severity P1: $600
Severity P2: $250
Severity P3: $100
Severity P4 & P5: A heartfelt thank you and potentially some reward if our team thinks it is warranted.