Avail's priority is to keep our members’ data safe, and we recognize that no technology is perfect. We believe that working with talented security researchers is critical to identifying weaknesses and vulnerabilities in our systems.
Targets
Targets are accessible from the public internet. Our dev environment is open to the world at https://dev.availcarsharing.com and is the preferred testing location.
If you test on https://availcarsharing.com, you are targeting our production environment. Please do not run tests that compromise the integrity or stability of this environment.
Out of scope
Ratings/Rewards
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher along with the opportunity to appeal and make a case for a higher priority.
Reporting
Rewards require that the Avail security team can verify and reproduce the described issue. Reproduction steps need to be clear and can include screenshots, videos, scripts, etc.
**DO NOT** use the output from automated scanners and tools as the entire vulnerability report.
Please send your findings to bugbounty@availcarsharing.com.