XRUN Security Bounty awards are granted solely at our exclusive
discretion. Any awards not accepted within one year, or waived,
shall become ineligible for issuance. At our sole discretion, we may
donate the value of such waived or other ineligible awards
consistent with our charitable giving programs and policies. XRUN
reserves the right to immediately remove you from the XRUN Security
Bounty program if you violate any of these terms and conditions as
determined by XRUN, or if you violate any terms associated with the
use of your XRUN ID.
This includes sending any harassing, threatening, or unlawful
messages to XRUN. Any such messages may be reported to relevant law
enforcement entities.
The XRUN Security Bounty program extends to security research
covering all XRUN products and public-facing services, except
research involving any of the following:
XRUN Pay
Any non-public-facing XRUN system
Phishing, social engineering, or similar techniques
The XRUN Security Bounty program does not extend to third-party
services. You must not disrupt, compromise, inappropriately access,
store, or damage:
Data or property (including a device) that you do not own, unless
the data or property owner has given you express, written consent to
disrupt, compromise, or damage the data or property; or
XRUN services in a manner that can adversely affect other users.
Adverse effects solely impacting you are allowed.
For a reported security vulnerability affecting any XRUN platform to
be eligible for an XRUN Security Bounty award, you must not disclose
it to anyone other than XRUN until after XRUN has released a
software update and published a security advisory for the reported
security vulnerability.
A participant in the XRUN Security Bounty program will not be deemed
to be in breach of applicable XRUN license provisions which provide
that a user of XRUN software may not copy, decompile, reverse
engineer, disassemble, attempt to derive the source code of,
decrypt, modify, or create derivative works of such XRUN software,
for in-scope actions performed by that participant where all of the
following are met:
The actions were performed strictly during participation in the XRUN
Security Bounty program;
The actions were performed during good-faith security research,
which was — or was intended to be — responsibly reported to XRUN;
and
Neither the actions nor the participant have otherwise violated or
exceeded the scope of these terms and conditions.
You must comply with all applicable laws (including directives,
regulations, and ordinances), including those of the country or
region in which you reside or in which you download or use XRUN
software or services.
XRUN Security Bounty awards may not be paid to you if you are in any
U.S. embargoed countries or on the U.S. Treasury Department’s list
of Specially Designated Nationals, the U.S. Department of Commerce
Denied Person’s List or Entity List, or any other restricted party
lists.
You are responsible for the payment of all applicable taxes.