These Vulnerability Disclosure Programme (“VDP”) Terms set out the terms and conditions applicable to our Programme that allows unsolicited including setting out the Conduct you must adhere to in order to qualify for a Reward.
DEFINITIONSSome of the capitalised terms used in these VDP Terms are defined in the Appendix.
INFORMATION ABOUT USThe manager of this VDP is TruTrip. TruTrip’s details are as follows:
AUTHORITYBy submitting a Finding under this VDP, you represent and warrant that:
In the event you are under 18 years old, we will require additional information confirming the same representations and warrants are agreed by your parents/legal guardians.
CONDUCTIn submitting a Finding, you agree, accept and acknowledge to have followed the following conduct conditions.
You shall NOT
SUBMISSION OF FINDINGSBy submitting a Finding(s) you represent that neither the Findings or our use of the Findings will infringe, misappropriate, or violate a third party’s intellectual property rights, or rights of publicity or privacy, or result in the violation of any applicable law or regulation, including export control laws.
All submissions shall be via TruTrip’s submission form or via email to [email protected]. If you believe a submission needs to be encrypted, please let us know to obtain an encryption key.
For a submission to be accepted, you must include as a minimum
REWARDSYou may be entitled to a monetary Reward for submitting a Finding. The value, in SINGAPORE DOLLARs, of the Reward is typically associated with the assessment of impact as follows:
You shall not be eligible for a Reward for Findings related to a Duplicate or Excluded Finding. TruTrip reserves the right to determine severity classifications, report validity, duplications, exclusions, and out-of-scope Findings in its sole discretion.
Reward value is set at the total and absolute discretion of TruTrip. TruTrip reserves the right to decrease or increase any Reward. Prior Rewards are not precedent for future payments.
You may remain anonymous by using a pseudonym. To be eligible to receive a Reward, however, you must provide TruTrip with accurate, complete, and up-to-date information about you, including your address and any other information that We reasonably request to allow Us to legally send any Reward to you. If you do not provide the reasonably required payment information within 21 days of request, You shall forfeit all Reward rights and claims.
TruTrip shall endeavour to process Reward(s) within 14 days of submission subject to all the required information being provided. However, no legal proceedings will be brought for unpaid Rewards relating to your Findings before the expiration of sixty (60) days after submission. No legal proceedings may be brought more than one (1) year after a submission was received.
EXCLUSIONSWe will not issue Rewards for
CONFIDENTIALITYAll Findings must be kept and treated as Confidential Information and cannot be disclosed publicly or to any third parties, until we have investigated and resolved the relevant issue you reported.
Any violation of this Confidentiality requirement shall disqualify you from any current and future participation in this VDP. For clarification, any violation of these confidentiality requirements shall mean you automatically DO NOT qualify for any Reward.
INTELLECTUAL PROPERTYBy making a Submission you hereby grant to TruTrip a perpetual, irrevocable, non-exclusive, transferable, sublicensable, worldwide, royalty-free license to use, copy, reproduce, display, modify, adapt, transmit, and distribute copies of that Submission.
INDEPENDENT PARTIES You warrant:
GOVERNING LAW AND JURISDICTION
APPENDIX – DEFINITIONS
means any confidential or proprietary business or technical information about a party related to the Services or a Program, including the HackerOne Platform and the content of Finder Submissions. Confidential Information does not include any information that (i) was publicly known and made generally available in the public domain prior to the time of disclosure by the disclosing party; (ii) becomes publicly known and made generally available after disclosure by the disclosing party to the receiving party; (iii) is already in the possession the receiving party at the time of disclosure by the disclosing party; or (iv) is obtained by the receiving party from a third party without a breach of such third party’s obligations of confidentiality.
A Duplicate Finding refers to when a Finding is already known by TruTrip. We publicly share most accepted and resolved Findings here. But in the event the Findings have not been fully resolved we may not share. TruTrip reserves the right to determine Duplicate Findings in its sole discretion.
An Excluded Finding refers to Findings related to the areas outlined in the section “EXCLUSIONS”. TruTrip reserves the right to determine Excluded Findings in its sole discretion.
A Finding is the identification and documentation of a potential Vulnerability.
When submitted, a Finding must include as a minimum
Refers to the monetary payment to be made to Researchers based on their findings. The value of the payments are indicatively shared in the section “REWARDS”.
Submission refers to sharing the information relating to a finding with TruTrip. This can be done via our online submission form or via email to [email protected]
Refers to this programme, the Vulnerability Disclosure Programme.
Vulnerability / Vulnerabilities
A “Vulnerability” is a weakness in our operating systems or software. Exploiting a vulnerability would allow someone or something to increase their access privileges to our operating systems or software, potentially in order to perform malevolent acts.
You can use our platform for free or speak to us to understand how we can help your business further.
Copyright © 2022 TruTrip. All rights reserved