At theFactor.e we consider the security of our systems a top priority. Our continuous ISO 27001 efforts and certificate are an example of the importance we place upon security and privacy. But we are aware that there are always possible vulnerabilities that are overlooked or have been newly introduced into the environment.
As of Monday the 9th of april 2024, we no longer run a bug bounty program. Any bugs / vulnerabilities / etc reported after this date will not be rewarded.
In the past we actively ran a ‘Ethical Disclosure’ procedure, where anyone worldwide could make us aware of potential issues, and receive a bounty. Right now we are in the process of streamlining this process better, by indicating certain areas and even environments that we see being of interest for our program.
Unfortunately, for now, this means we do not have an active Ethical Disclosure program. No bounties shall be paid during this time.