submit bug report: https://www.xfinity.com/vulnerabilityreport
Comcast Security: Responsible Disclosure Policy
Responsible Disclosure Philosophy
Comcast believes effective responsible disclosure of security vulnerabilities requires mutual trust, respect, transparency and common good between Comcast and Security Researchers. Together, our vigilant expertise promotes the continued security and privacy of Comcast customers, products, and services.

Security Researchers
Comcast accepts vulnerability reports from all sources such as independent security researchers, industry partners, vendors, customers and consultants. Comcast defines a security vulnerability as an unintended weakness or exposure that could be used to compromise the integrity, availability or confidentiality of our products and services.

Our Commitment to Researchers
Trust. We maintain trust and confidentiality in our professional exchanges with security researchers.
Respect. We treat all researchers with respect and recognize your contribution for keeping our customers safe and secure.
Transparency. We will work with you to validate and remediate reported vulnerabilities in accordance with our commitment to security and privacy.
Common Good. We investigate and remediate issues in a manner consistent with protecting the safety and security of those potentially affected by a reported vulnerability.
What We Ask of Researchers
Trust. We request that you communicate about potential vulnerabilities in a responsible manner, providing sufficient time and information for our team to validate and address potential issues.
Respect. We request that researchers make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing.
Transparency. We request that researchers provide the technical details and background necessary for our team to identify and validate reported issues, using the form below.
Common Good. We request that researchers act for the common good, protecting user privacy and security by refraining from publicly disclosing unverified vulnerabilities until our team has had time to validate and address reported issues.
Vulnerability Reporting
Comcast recommends that security researchers share the details of any suspected vulnerabilities using the web form below. The Comcast Security team will acknowledge receipt of each vulnerability report, conduct a thorough investigation, and then take appropriate action for resolution. To encrypt a submission via email, use the public key provided on this page.

submit bug report: https://plot.ly

Please see our security policy at the "Policy" URL below.
Policy: http://help.plot.ly/security/

submit bug report

Bug Bounty
Although our team of experts has made every effort to squash all the bugs in our systems, there's always the chance that we might have missed one posing a significant vulnerability. If you discover a bug, we appreciate your cooperation in responsibly investigating and reporting it to us so that we can address it as soon as possible. For significant bugs, we offer reward and recognition on our Wall of Fame (below).
Responsible Investigation and Reporting
Responsible investigation and reporting includes, but isn't limited to, the following:
Don't violate the privacy of other users, destroy data, disrupt our services, etc.
Only target your own accounts in the process of investigating the bug. Don't target, attempt to access, or otherwise disrupt the accounts of other users.
Don't target our physical security measures, or attempt to use social engineering, spam, distributed denial of service (DDOS) attacks, etc.
Initially report the bug only to us and not to anyone else.
Give us a reasonable amount of time to fix the bug before disclosing it to anyone else, and give us adequate written warning before disclosing it to anyone else.
In general, please investigate and report bugs in a way that makes a reasonable, good faith effort not to be disruptive or harmful to us or our users. Otherwise your actions might be interpreted as an attack rather than an effort to be helpful.
Eligibility
Generally speaking, any bug that poses a significant vulnerability, either to the security of our site or the integrity of our trading system, could be eligible for reward. But it's entirely at our discretion to decide whether a bug is significant enough to be eligible for reward.
Security issues that typically would be eligible (though not necessarily in all cases) include:
Cross-Site Request Forgery (CSRF)
Cross-Site Scripting (XSS)
Code Injection
Remote Code Execution
Privilege Escalation
Authentication Bypass
Clickjacking
Leakage of Sensitive Data
Ineligibility
Things that are not eligible for reward include:
Vulnerabilities contingent on physical attack, social engineering, spamming, DDOS attack, etc.
Vulnerabilities affecting outdated or unpatched browsers.
Bugs that have not been responsibly investigated and reported.
Bugs already known to us, or already reported by someone else (reward goes to first reporter).
Issues that aren't reproducible.
Issues that we can't reasonably be expected to do anything about.
Username enumeration.
Self-XSS
Missing DNS SPF records ect...
Reward
The minimum reward for eligible bugs is 0.2 BTC.
Rewards over the minimum are at our discretion, but we will pay significantly more for particularly serious issues.
Only one reward per bug.
How to Report a Bug
Send your bug report to support@pastecoin.com.
Try to include as much information in your report as you can, including a description of the bug, its potential impact, and steps for reproducing it or proof of concept.
Include your name and link as you would like it to appear on our Wall of Fame (optional).
Include your BTC address for payment.
Please allow 2 business days for us to respond before sending another email.
Policy: https://www.pastecoin.com/bug_bounty

submit bug report: https://cad.onshape.com

Policy

Onshape Security Bug Identification Program (Effective as of April 15, 2015)
Rules for you
Don’t attempt to gain access to another user’s account or data.
Don’t perform any attack that could harm the reliability/integrity of our services or data. DDoS/spam attacks are not allowed.
Don’t publicly disclose a bug before it has been fixed.
Only test for vulnerabilities on sites you know to be operated by Onshape.
Do not impact other users with your testing. If you are an Onshape user, we may suspend or terminate your Onshape account and ban your IP address if you do so.
Don’t use scanners or automated tools to find vulnerabilities.
Don't use automated burp scanning capabilities in any way such as using Burp extensions, Burp professional scanner, etc.
Never attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.
Don’t publicize in any way your participation in, or the existence of, Onshape’s security bug identification program.
Use the security@onshape.com email address for reporting vulnerabilities.
Send us a well formed report describing every step in detail for steps to reproduce.
Rules for us
We will respond as quickly as possible to your submission.
We will keep you updated as we work to fix the bug you submitted.
We will not take legal action against you if you play by the rules.
What does not qualify?
Bugs that are not related to security.
Vulnerabilities that Onshape determines to be an accepted or acceptable security risk.
Bugs that show login cookie working on logout
Bugs that show any session fixation aspects
Bugs that show rate limiting aspects
Bugs, such as XSS, that only affect legacy browser/plugin versions.
Bugs, such as XSS due to file uploads not on *.onshape.com
Bugs, such as XSS requiring unlikely user interaction.
Bugs, such as timing attacks or user enumeration via password reset, that prove the existence of a private document or user.
Bugs related to XSRF that are on un-authenticated portion of the site
Bugs related to XSRF on GET requests or logout requests, etc.
Insecure cookie settings for non-sensitive cookies.
Disclosure of public information and information that does not present significant risk.
Bugs that have already been submitted by another user, that we are already aware of Clickjacking a static site.
Bugs related to discovery by automated Burp plugins (extensions) e.g. param miner
Bugs related to web cache poisoning, client cache manipulation, etc.
Bug requiring users to click on things, etc.
Bugs in content/services that are not owned/operated by Onshape (including, without limitation, www.onshape.com, forum.onshape.com, and onshape.zendesk.com).
Scripting or other automation and brute forcing of intended functionality.
Impersonating an Onshape user.
Note
Misconfigurations such subdomain takeovers, OSINT based attacks such as API keys exposed via code repos, other OSINT based attacks such as exposed credentials, etc. are welcomed, however no monetary value will be awarded for those.
Other terms and conditions
Awards made by us pursuant to this program may include swag, bounty payments, or a combination thereof.
We determine bounty payments based on a variety of factors, including (but not limited to) impact, ease of exploitation, and quality of the report. If we pay a bounty, the minimum reward is $100. Note that low-risk issues may not qualify for a bounty.
We seek to pay similar amounts for similar issues, but bounty amounts and qualifying issues may change with time. Past rewards do not necessarily guarantee similar results in the future. The amount of any bounty payment will be determined by Onshape in our sole discretion. In no event shall we be obligated to pay you a bounty for any submission. All bounty payments shall be considered gratuitous.
The timing of any award made hereunder shall be determined at Onshape’s sole discretion. All bounty payments will be made in United States dollars (USD). You will be responsible for any tax implications related to bounty payments you receive, as determined by the laws of your jurisdiction of residence or citizenship. Payment is conditioned on you providing us with all information that we might reasonably request in order to make payment to you (including, in our discretion, Form W-9 or W-8_BEN)
You must keep confidential the terms and conditions of the program, your participation in the program, any submissions you make hereunder, and any award you may receive from us. If you are an Onshape user, we may suspend or terminate your Onshape account and ban your IP address if you breach these confidentiality provisions.
Your submission of any bug to us constitutes your acknowledgment of and agreement to all of the foregoing rules, terms and conditions.

submit bug report:https://www.olacabs.com

Policy

We request you not to do any public disclosure of a bug before it has been fixed.
Please understand that due to high number of submissions, it might take a bit of time in order to fix the vulnerability reported by you. Therefore, give us reasonable amount time to respond to you before you go public.
Share the security issue in detail. At times, we might ask for more information (if required).
Please do not access to another user’s account or data without permission.
Please be respectful with our existing applications, and we request you not to run test-cases which might disrupt our services.
Do not use scanners or automated tools to find vulnerabilities. They’re noisy and might result in suspension of your user account / IP Address.
We also request you not to attempt attacks such as social engineering, phishing. These kind of bugs will not be considered as valid ones, and if caught, might result in suspension of your account.
Vulnerabilities made public before the fix are not eligible for bounty reward
Policy: https://www.olacabs.com/whitehat