Bug Bounty Program

Introduction

SkyDeck.ai is committed to ensuring the security and integrity of our platform. We understand the important role that independent security researchers play in maintaining the security of our platform. We encourage security researchers to examine and test our platform and report any vulnerabilities they may find. In recognition of their efforts, we provide a bug bounty program.

Scope

The scope of our bug bounty program is limited to vulnerabilities in SkyDeck.ai's platform and services available from the SkyDeck.ai domain. The scope includes all the features, functionalities, and tools mentioned on our website such as the AI Control Center, GenStudio, and any other services hosted on our domain.

Out of Scope

Any third-party websites, services, or platforms linked from our website are not in the scope of this program. Additionally, any physical attempts to compromise our system or social engineering attempts are also out of the scope.

Eligible Vulnerabilities

The following categories of vulnerabilities are eligible for our bug bounty program:

• Remote Code Execution (RCE)

• SQL Injection

• Cross-site Scripting (XSS)

• Cross-Site Request Forgery (CSRF)

• Server-side Request Forgery (SSRF)

• Insecure Direct Object References (IDOR)

• Authorization issues

• Information disclosure issues

Ineligible Vulnerabilities

The following categories of vulnerabilities are not eligible for our bug bounty program:

• Denial of Service (DoS / DDoS) vulnerabilities

• Spamming

• Clickjacking on pages with no sensitive actions

• Unconfirmed reports from automated vulnerability scanners

• Issues related to software or protocols not under SkyDeck.ai's control

Reporting a Vulnerability

To report a vulnerability, please send an email to security@skydeck.ai with the following information:

• Detailed steps to reproduce the vulnerability

• The potential impact of the vulnerability

• Any potential mitigations or fixes for the vulnerability

• Your contact information

Reward

We offer a reward of $20 to $100 for vulnerabilities, depending on severity and impact. We determine the exact amount on a case-by-case basis.

Rules

• You must not violate the privacy of any user data, disrupt our services, or cause harm to our users or systems.

• You must not disclose the vulnerability to anyone else until we've had a reasonable amount of time to fix it.

• You must be the first person to report the vulnerability to be eligible for a reward.

Legal

By participating in the bug bounty program, you agree to comply with all applicable laws and regulations. You also agree not to exploit any vulnerability you discover for any purpose other than reporting it to us.