Information for Security Researchers
If you're a security researcher, please review our responsible disclosure policy before reporting any vulnerabilities.
If you believe you have found a security vulnerability on GiftCards.com, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.
Coordinated Disclosure Policy for Security Researchers
If you give the Company reasonable time within which to respond to your report of any vulnerabilities you have discovered in the Company's systems before making any information public, and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of the Company's services during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you.
- Valid bugs are typically web application vulnerabilities, including SQL injection, cross site scripting, cross site request forgery, authentication and authorization flaws, and security misconfigurations.
- Please do not test for social engineering or denial of service issues
- You must not violate any laws
- You must not disrupt any service
- You must not compromise anyone’s data
- Please restrict the scope of automated scanners on our site. These tools can generate bogus data in our systems, spam our team, and otherwise degrade our services. If you must use them, please make sure that you only scan specific pages or sections of our properties at any given time. We reserve the right to block abusive traffic.
- This program is not open to minors, or anyone who does not have the legal right to perform this sort of activity.
To show our appreciation for our security researchers, the Company may, from time to time, in its sole discretion, pay a monetary bounty to a security researcher, for disclosure of certain significant vulnerabilities previously unknown to the Company. However, please be advised that the Company fully reserves the right to refuse to pay any monetary bounty whatsoever to any security researcher for any reason. We also reserve the right to cancel this program at any time.