Bug Bounty Program

We welcome responsible disclosure of security vulnerabilities. Please submit findings through this channel at security@skopenow.com. Submit one report per vulnerability so we can validate format and quality before additional submissions.

Scope

In-scope: Production applications, APIs, and domains owned and operated by Skopenow, including but not limited to: app.skopenow.com and api.skopenow.com.
Out-of-scope: Third-party services, social engineering, physical attacks, denial-of-service, spam, or automated scanning without prior written approval.

Allowed Testing

  • Testing must not disrupt services or degrade performance
  • No brute force, volumetric attacks, or service degradation
  • Automated or high-volume testing requires prior written approval
  • Only test accounts and data you own or have permission to use

Submission Requirements

  • Clear steps to reproduce
  • Affected asset(s)
  • Impact description
  • Proof-of-concept
  • Reports must be actionable; low-detail submissions may be closed

Rewards

  • Rewards are discretionary based on severity, impact, exploitability, and report quality
  • Not all submissions are eligible for a reward
  • Rewards are issued after triage, validation, and acceptance of the report

Eligibility

  • First valid, actionable report of a unique issue within scope
  • Must include sufficient detail to reproduce
  • Duplicates or previously known issues are not eligible
  • First actionable report received will be considered

Rules of Engagement

  1. Demanding or Extorting a Bounty
    Requesting payment in exchange for details or threatening disclosure is prohibited.
  2. Spamming or Low-Quality Submissions
    Automated, bulk, or low-quality reports without proof-of-concept are not accepted.
  3. Scope Violations
    Do not test out-of-scope systems or misrepresent impact.
  4. Unauthorized Access or Disclosure
    Do not access, modify, or exfiltrate data belonging to others. If sensitive data is encountered, stop testing and report immediately. Do not retain or share such data, and securely delete any accessed data after reporting.
  5. Social Engineering or Harassment
    No phishing, pretexting, or abusive behavior.
  6. Platform or Communication Misuse
    Use only this submission channel. Do not contact customers or employees directly.
  7. AI-Generated or Duplicate Work
    Reports must reflect original analysis. Duplicate or low-effort submissions are ineligible.

Safe Harbor

  • Good-faith research conducted within these rules will not result in legal action by Skopenow
  • We will not pursue claims under applicable anti-hacking laws (including the Computer Fraud and Abuse Act) for activities that comply with this policy
  • Avoid privacy violations, data destruction, and service disruption
  • If sensitive data is encountered, stop immediately and report it

Disclosure Policy

  • Do not publicly disclose vulnerabilities without prior written approval
  • No public disclosure until the issue is resolved or explicit approval is provided
  • We follow a coordinated disclosure process

Response Targets

  • Acknowledgment within 1–2 business days
  • Initial triage within 3 business days
  • Response and remediation timelines are targets, not guarantees
  • Remediation timelines vary by severity