These Vulnerability Disclosure Programme (“VDP”) Terms set out the terms and conditions applicable to our Programme that allows unsolicited including setting out the Conduct you must adhere to in order to qualify for a Reward.
By submitting Findings relating to a potential Vulnerability you (referred to as “you” or the “Researcher” in these Terms) acknowledge that you accept these Terms and our Privacy Policy and you agree to be bound by them. If you do not accept them, you should not submit any Findings.
DEFINITIONSSome of the capitalised terms used in these VDP Terms are defined in the Appendix.
INFORMATION ABOUT USThe manager of this VDP is TruTrip. TruTrip’s details are as follows:
UPDATE AND MODIFICATION OF TERMS OF USETruTrip reserves the right to modify these Terms and the Privacy Policy at any time without giving prior notice. You should carefully read these Terms before submitting any Findings. In all circumstances, the acceptance of these Terms is an essential first step towards submitting any Findings. The most current Terms will be available at all times on our website or by emailing us at [email protected]
AUTHORITYBy submitting a Finding under this VDP, you represent and warrant that:
In the event you are under 18 years old, we will require additional information confirming the same representations and warrants are agreed by your parents/legal guardians.
CONDUCTIn submitting a Finding, you agree, accept and acknowledge to have followed the following conduct conditions.
You shall:
You shall NOT
SUBMISSION OF FINDINGSBy submitting a Finding(s) you represent that neither the Findings or our use of the Findings will infringe, misappropriate, or violate a third party’s intellectual property rights, or rights of publicity or privacy, or result in the violation of any applicable law or regulation, including export control laws.
All submissions shall be via TruTrip’s submission form or via email to [email protected]. If you believe a submission needs to be encrypted, please let us know to obtain an encryption key.
For a submission to be accepted, you must include as a minimum
REWARDSYou may be entitled to a monetary Reward for submitting a Finding. The value, in SINGAPORE DOLLARs, of the Reward is typically associated with the assessment of impact as follows:
You shall not be eligible for a Reward for Findings related to a Duplicate or Excluded Finding. TruTrip reserves the right to determine severity classifications, report validity, duplications, exclusions, and out-of-scope Findings in its sole discretion.
Reward value is set at the total and absolute discretion of TruTrip. TruTrip reserves the right to decrease or increase any Reward. Prior Rewards are not precedent for future payments.
You may remain anonymous by using a pseudonym. To be eligible to receive a Reward, however, you must provide TruTrip with accurate, complete, and up-to-date information about you, including your address and any other information that We reasonably request to allow Us to legally send any Reward to you. If you do not provide the reasonably required payment information within 21 days of request, You shall forfeit all Reward rights and claims.
TruTrip shall endeavour to process Reward(s) within 14 days of submission subject to all the required information being provided. However, no legal proceedings will be brought for unpaid Rewards relating to your Findings before the expiration of sixty (60) days after submission. No legal proceedings may be brought more than one (1) year after a submission was received.
EXCLUSIONSWe will not issue Rewards for
CONFIDENTIALITYAll Findings must be kept and treated as Confidential Information and cannot be disclosed publicly or to any third parties, until we have investigated and resolved the relevant issue you reported.
Any violation of this Confidentiality requirement shall disqualify you from any current and future participation in this VDP. For clarification, any violation of these confidentiality requirements shall mean you automatically DO NOT qualify for any Reward.
INTELLECTUAL PROPERTYBy making a Submission you hereby grant to TruTrip a perpetual, irrevocable, non-exclusive, transferable, sublicensable, worldwide, royalty-free license to use, copy, reproduce, display, modify, adapt, transmit, and distribute copies of that Submission.
INDEPENDENT PARTIES You warrant:
INDEPENDENCE OF CLAUSESIf any provision in these Terms of Use is held to be illegal, invalid or unenforceable in whole or in part in any jurisdiction, these Terms of Use shall, as to such jurisdiction, continue to be valid as to its other provisions and the remainder of the affected provision. The legality, validity and enforceability of such provision in any other jurisdiction shall be unaffected.
GOVERNING LAW AND JURISDICTION
APPENDIX – DEFINITIONS
Confidential Information
means any confidential or proprietary business or technical information about a party related to the Services or a Program, including the HackerOne Platform and the content of Finder Submissions. Confidential Information does not include any information that (i) was publicly known and made generally available in the public domain prior to the time of disclosure by the disclosing party; (ii) becomes publicly known and made generally available after disclosure by the disclosing party to the receiving party; (iii) is already in the possession the receiving party at the time of disclosure by the disclosing party; or (iv) is obtained by the receiving party from a third party without a breach of such third party’s obligations of confidentiality.
Duplicate Finding
A Duplicate Finding refers to when a Finding is already known by TruTrip. We publicly share most accepted and resolved Findings here. But in the event the Findings have not been fully resolved we may not share. TruTrip reserves the right to determine Duplicate Findings in its sole discretion.
Excluded Finding
An Excluded Finding refers to Findings related to the areas outlined in the section “EXCLUSIONS”. TruTrip reserves the right to determine Excluded Findings in its sole discretion.
Findings
A Finding is the identification and documentation of a potential Vulnerability.
When submitted, a Finding must include as a minimum
Reward
Refers to the monetary payment to be made to Researchers based on their findings. The value of the payments are indicatively shared in the section “REWARDS”.
Submission
Submission refers to sharing the information relating to a finding with TruTrip. This can be done via our online submission form or via email to [email protected]
VDP
Refers to this programme, the Vulnerability Disclosure Programme.
Vulnerability / Vulnerabilities
A “Vulnerability” is a weakness in our operating systems or software. Exploiting a vulnerability would allow someone or something to increase their access privileges to our operating systems or software, potentially in order to perform malevolent acts.
You can use our platform for free or speak to us to understand how we can help your business further.