Trust Center

Bug Bounty Program

Introduction

Realigned Technologies has an active, private bug bounty program on Bugcrowd.com. For full transparency, this document outlines the program's scope, rewards, focus areas and remediation due dates.

Scope

The following applications are in scope of the bug bounty program:

  • Advanced Story Maps for Jira
  • Story Maps for Jira - Free
  • Denkplan Portfolio Maps for Jira

Focus Areas

Below is a list of some of the vulnerability classes that we are seeking reports for:

  • Cross Instance Data Leakage/Access
  • Server-side Remote Code Execution (RCE)
  • Server-Side Request Forgery (SSRF)
  • Stored/Reflected Cross-site Scripting (XSS)
  • Cross-site Request Forgery (CSRF)
  • SQL Injection (SQLi)
  • XML External Entity Attacks (XXE)
  • Access Control Vulnerabilities (Insecure Direct Object Reference issues, etc.)
  • Path/Directory Traversal Issues

Rating and Rewards

We use Bugcrowd's standard rating system for security vulnerabilities as well as Atlassian's defined reward scheme for the marketplace security program. You can find more information here.

Remediation

We have defined our own bug fix policy, which is stricter than the remediation due dates set by Atlassian. You can read more here.

Contact

If you want to participate in this program or have other questions, feel free to contact us via our support portal or by email at info@realigned.io.