


Author Topic: HireVue Bug Bounty  (Read 14597 times)

Angelina

HireVue Bug Bounty
« on: July 20, 2023, 06:28:31 pm »
submit bug report

Email us about vulnerabilities at security@hirevue.com or submit reports at HackerOne. Please use our public key for all communication.
Rules for Testing HireVue
Do not email us requesting an invite to our private HackerOne program. If you've found an issue, email us (security@hirevue.com) with the basics and we'll send you an invite if it is an eligible finding.
Do not use any automated tools of any kind. It disrupts our service and the bugs found by them will all be duplicates.
Submit only bugs which you have actually tested and found a problem. Do not submit generic reports about a "possible" security problem. We need specific attack vectors.
Do not send us "Security Best Practices" reports. We already know about these.
Do not game the HackerOne system. Don't report bugs that don't exist just in case they do. We will work with HackerOne to ban your account.
Please only report issues that are very clearly security problems. If in doubt, don't submit it.
Do not harass us asking for rewards or bounties. We will offer you a bounty if your report is serious enough. We want to reward you for your work, but clicking a button on some tool you downloaded is not a way to get rewarded.
You may only email security@hirevue.com with findings. Do not spam public email addresses you've found online. We will report anyone who does this to HackerOne.
HireVue's marketing site (www.hirevue.com) is not within the scope of our product offering; any information provided with relation to that site will be treated as informational.
If we find that you're in violation of any of these rules we will reject your reports. We ask that you be respectful and we'll do the same.
Disclosure Policy
Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
Bounty Program
To show our appreciation of responsible security researchers, HireVue offers swag and/or monetary bounties for reports of qualifying security vulnerabilities. Reward amounts will vary based upon the severity of the reported vulnerability, and eligibility is at our sole discretion.
Exclusions
While researching, we'd like to ask you to refrain from:
Denial of service
Spamming
Social engineering (including phishing) of HireVue staff or contractors
Any physical attempts against HireVue property or data centers
HireVue's marketing site (www.hirevue.com) is not within the scope of our product offering; any information provided with relation to that site will be treated as informational.
Thank you for helping keep HireVue and our users safe!