PIA Whitehat Alert Security Program
Do The Right Thing
If you believe you have discovered a vulnerability, we encourage you to follow whitehat practices and practice responsible disclosure, by informing us right away. We prioritize the investigation of reports and harden our systems if they are legitimate.
Rewards for Being Skilled
In order to provide a reward to whitehat security researchers and multi-hat wearing security researchers alike, we would like to offer a monetary prize, anonymously, in Bitcoin to an address you may specify. If you would like to have recognition by name, or nickname, we will also be happy to interview you on our blog. Some examples of potential rewards include $5,000+ for confirmed, unique SHELL access or SQL access like vulnerabilities. Each report will be examined on a case by case basis for legitimacy and severity. Note that at this time, forum software vulnerabilities are not eligible for this program; we encourage you to report them directly to the Vanilla Forums developers.
In addition, if you provide us time to respond to your discovery and do not damage our systems, then we will not pursue any criminal charges. Please e-mail firstname.lastname@example.org.