Deed takes the security of our users seriously. We follow industry standards and are compliant with local regulation and security frameworks. For more information on these, see our Trust and Compliance page.
We want to work with members of the broader internet ecosystem to ensure a high-level of safety for all internet users, and we are always looking for feedback and reports of potential security vulnerabilities.
Reporting Potential Vulnerabilities
If you believe you have found a vulnerability in our system, please send us an email at firstname.lastname@example.org.
We don't have a bug bounty program with payouts because we don't believe in exploiting unpaid labor for unspecified payments. We make the choice to pay pentesters. However, to show our thanks if you find a vulnerability, we can send you some Deed swag and put you in our Security Hall of Fame.
Things to include in your vulnerability report are:
Parts of the application that are out of scope for acceptance into the Hall of Fame are:
If you are going to engage in security research on our product, we ask the following of you:
Security Hall of Fame
Deed doesn't have a bug bounty program, but we want to publicly acknowledge the researchers who have found vulnerabilities and responsibly disclosed them to us.
(The Hall of Fame is empty at the moment, so poke around our app and become the first.)