Bug Bounty Hunting Essentials

Commitment to researchers

This area of a program's policy is where vendors state how they will respond to researcher reports. It indicates how open a program is to accepting vulnerabilities and how much the vendor values researchers' feedback on its products. Generally, a program demonstrates its commitment to researchers by stipulating that it will do the following:

  • Respond in a timely manner, acknowledging receipt of your vulnerability report
  • Provide an ETA for considering the vulnerability report
  • Investigate and consider the vulnerability report for eligibility under our bug bounty program within 30 days of submission
  • Notify the researcher when the vulnerability has been fixed