Welcome to Abeeway Bug Bounty

Our security team constantly works at keeping customer information secure. We recognize the important role that independent security researchers and our user community play in helping to keep Actility and its users secure. If you discover a vulnerability, please notify us using the guidelines below.

Our commitment​

We will respond to your submission as quickly as possible.

As we work to fix the bug you submitted, we will keep you updated.

If you play by the rules, we will never take legal action against you.

Our commitment​

Actility will pay a bounty for certain security bugs, as detailed below. All security bugs should follow the following general criteria to be eligible:

  • Security bugs must be original and previously unreported.
  • Security bugs must be a remote exploit, the cause of a privilege escalation, or an information leak.
  • Submitter must not be part of Actility’s team or any of its subcontractors.

Rules

  • Don’t attempt to gain access to another user’s account or data
    • Create as many accounts as required to proceed with your attempts
  • Don’t perform any attack that could harm the reliability/integrity of our services or data
    • DDoS/spam attacks are NOT accepted
  • Wait until a bug is fixed if you want to disclose it
    • Feel free to ping our security team if you want to query the status of a bug report
  • Only test for vulnerabilities located on Actility’s technologies, excluding CMS like wordpress
  • Do not impact other users with your testing
  • Do not use scanners or automated tools to find vulnerabilities
    • We ask you to demonstrate the vulnerability with a valid/reproductible example
  • Do not attempt non-technical attacks such as social engineering, phishing, or physical attacks against our users, employees, or infrastructure

Claiming a bounty

To claim a bounty :