Reporting a possible security vulnerability to Stackla
Written by Dan Macarie
Updated over a week ago

At Stackla, we take the security of our clients very seriously and are devoted to protecting the integrity of our application and the privacy of our customer data.

If you believe you have discovered a potential security vulnerability and/or weaknesses in the Stackla application or on any of Stackla’s domains, please help us promptly resolve the issue by reporting your findings to us in accordance with our responsible disclosure guidelines.

We do not currently have a bug bounty programme. However, if you would like to participate in future programmes, please let us know and we will reach out to keep you updated.

Responsible disclosure guidelines

When performing security testing, exploration or analysis, please:

  • Make every reasonable effort to avoid service disruption (e.g. DoS), privacy violations (i.e. accessing a Stackla customer’s data), or data destruction.

  • Do not phish or social engineer employees or customers of Stackla.

  • Do not report unvalidated results from automated scanning tools.

  • Do not submit reports that require a high level of user cooperation or require the user to perform a large amount of unlikely or unreasonable actions.

  • Do not report vulnerabilities related to the reported version numbers of web servers, services, frameworks or languages.

When reporting, please:

  • Provide a clear, concise description of steps to allow us to reproduce the vulnerability. Details should include target URLs, request/response pairs, screenshots, proof-of-concept code and/or other relevant information.

  • Encrypt all submitted information (including any code or attachments) with our PGP key.

  • Provide us a reasonable time period to address the issue before any public disclosure, keeping in mind some issues take longer than others to resolve.

  • Do not demand compensation. We do not currently have a paid bug bounty program.

Reports submitted to Stackla are done so in good faith. By submitting information to us you agree that the process does not create any rights for you or any obligation for Stackla.

Furthermore, you agree the Information submitted will be considered non-proprietary and non-confidential and can be used in any manner by Stackla without any restriction.

To report a security vulnerability, send an email to: security (at) stackla.com. Please provide your name, contact information, company name (if applicable) and public PGP key to allow for secure communication.

For non-security-related issues, please contact support directly.
