GENERAL PROVISIONS
Last updated: 23 Aug 2024 (“Effective Date”)
Welcome to the Bug Bounty Platform (as defined below). We are dedicated to building and maintaining a unified bug bounty platform that caters to both security researchers and project developers. This Platform will serve as the cornerstone of our efforts to champion fairness and justice within the bug bounty ecosystem.
These terms of use are entered into by and between you and Remedy XYZ Ltd. The following terms and conditions, together with all disclaimers, warranties and representations, related policies, and all information and references posted on the Company’s Platform, constitute the sole and entire agreement between you and the Company and govern the User’s access to and use of https://r.xyz/ and its sub-pages. Please read these Terms of Use (as defined below) carefully before using the Platform. These Terms of Use govern each User’s access to and use of the Platform and the Services on or after the Effective Date. If you disagree with these Terms of Use, you are not permitted to use the Platform. By using the Platform, the User represents and warrants that the User has reached the age of majority under the User’s applicable jurisdiction to enter into a legally binding agreement with the Company (as defined below).
By using the Platform, you acknowledge that you have read and understood these Terms of Use and agree to abide and be bound by them in their entirety as the same may be amended from time to time. Your continued use of our Platform constitutes your continued acceptance of any changes.
Our outlines how we gather and utilize personal information that is associated with the User’s use and access to the Company.
You should not use the Platform unless you represent, warrant and confirm that:
You have the legal capacity to enter into a binding contract, which means you must be 18 years of age or older or meet the age requirements of your jurisdiction without any other restrictions;
By making use of the Platform, you represent and warrant that you and any entity you represent are not or do not:
(a) the subject of cyber-related sanctions imposed or enforced by government authority of the United Kingdom, British Virgin Islands or any other jurisdiction and are not listed on any roster of parties restricted or prohibited in connection with cybersecurity activities by any government authority or other competent body;
(b) hold citizenship or residence in, and are not organized under the laws of any jurisdiction or territory subjected to sanctions on a country-wide, territory-wide, or regional level by bodies including but not limited to the United Nations, European Union, United Kingdom, or the United States, particularly those regions recognized for state-sponsored cyberattacks or significant cybersecurity threats;
(c) engage in any activities that may reasonably pose a significant cybersecurity risk, including but not limited to hacking, cyber espionage, or state-sponsored cyberattacks.
If at any point the aforementioned representation and warranties cease to be true, you are required to notify the Company and halt all use of the Platform immediately. In the event of a representation or warranty ceasing to be true, the Company shall, in its sole discretion, have the right to restrict and/or block use of the Platform.
If you are registering on behalf of a company, partnership or other form of corporate structure, you are authorized to do so and have the legal power to represent and bind the company, partnership or other corporate structure;
You have read and fully understand these Terms of Use, and you agree to be bound by them in their entirety; and
You will comply with these Terms of Use as well as all applicable laws and regulations.
DEFINITIONS
“Asset”
refers to the software code that the Project makes available to the Security Researchers to be audited.
“Assets Under Risk”
refers to the Assets which are being directly tested by the Security Researcher and for the avoidance of doubt will not include any consequential asset or indirectly linked asset.
“Bounty”
refers to the compensation made by the Project to the Security Researcher for the provision of the services as amended from time to time in respect of the Assets Under Risk.
“Commission”
refers to the compensation made by the Project to the Platform for the provision of the Services, be it a subscription fee or a commission from the Bounty or other fee paid to the Platform.
“Company”
means Remedy XYZ Ltd.
“Content”
refers to all text, information, documents, images, drawings, graphics, trademarks, audio, video, software, data and other materials made available through the Platform.
“Mediation”
refers to the process of technical assessment of the validity of the report per the program description and technical factors of vulnerabilities including but not limited to negotiations and the involvement of third-parties.
“Platform”
“Private Program”
refers to a Program, where Projects choose to disclose the actual source codes of a Program only to chosen Security Researchers. The Project may, at their sole discretion, select Security Researcher(s) to whom access is provided.
“Program”
refers to the order by the Project that includes but is not limited to the scope and terms of the services, description of bug severity, bounty payment amount or range, additional requirements, etc.
“Project”
refers to a User registered on the Platform that is looking for a Researcher to receive cybersecurity services and Reports on its Assets.
“Proof of Concept”
refers to the evidence demonstrating the existence of a specific bug in the Asset.
"Report"
refers to the comprehensive material submitted by a Security Researcher to the Project through the Platform, detailing the bugs identified in the Asset and their respective severity levels. The purpose of the Report is to document and communicate the vulnerabilities discovered during the bug-hunting process. Along with bug descriptions, the Report may also include suggested solutions for the identified issues (remediation) and Proof of Concepts that demonstrate the presence and impact of the bugs within the Asset.
“Retest”
refers to the double audit of the Asset upon the request by the Project to the Security Researcher after the suggestions made by the same Security Researcher are already implemented in the Asset.
“Security Researcher”
refers to an individual registered on the Platform that provides cybersecurity services aimed at detecting bugs in an Asset of a Project and submits Reports on the bugs in return for compensation.
“Services”
refers to all services, without limitation, involved with providing the Platform and for providing cybersecurity services, Mediation, and Triage Services, information filtering services, etc.
“Terms of Use”
refers to the terms of use of the Platform, all operating rules and policies, and any amendments made to them, and including all information and references posted on the Company’s website, which together form a legally binding agreement between the Company and the User.
“Triage Services”
refers to the essential function of initially evaluating and classifying Reports submitted by Security Researchers. This crucial process involves carefully assessing the severity, impact, and relevance of the Report by the Platform.
“Unethical Behaviour”
refers to any kind of violation of the Terms of Use, as well as any action that the Platform regards, in its sole discretion, as circumvention and breach of the Terms of Use, including, but not limited to contacting the Security Researcher or the Project outside the Platform, promoting any illegal activity, registering as a Security Researcher being an affiliated person to the Project, taking any action that may be considered as fraud, deceit, manipulation, abuse of rights, any activity violating any applicable law or regulation.
“User” or “you”
refers to a Project or a Security Researcher.
“We,” “our,” or “us”
refers to the Company.
To start using the Platform, the User must either:
(a) access a Program as a prospective Security Researcher for review and to evaluate a Program. The prospective Security Researcher need not register on the Platform at this stage, however, accessing a Program will constitute the prospective Security Researcher’s acceptance of these Terms of Use; or
(b) register on the Platform as a Project or as a Security Researcher. There are two options available for Users of the Platform, either:
(i) as a Project in search of cybersecurity services; or
(ii) as a Security Researcher who can assist Projects in identifying vulnerabilities in their Programs, providing Reports, and who can receive a Bounty for the provision of their Services.
During the registration process, in order to comply with our legal obligations such as Anti-Money Laundering and Counter-Terrorist Financing rules and regulations, the Company may, at its sole discretion, require a User to provide necessary documentation and undergo KYC procedures before granting access to the Platform. If the User refuses to undergo such a process, the Platform reserves the right to block or terminate the use of the Platform to that User.
The Project may require Security Researchers to go through an additional KYC process, if such requirement is specified in the Program information and the Security Researcher agrees to participate in the Program under such conditions.
Subject to the prior confirmation by the Company, the Project may delegate the implementation of the Security Researcher’s additional KYC process to the Company, and if agreed so in advance between the Company and the Project, upon the completion of the KYC process, the Company shares the KYC results with the Project. In case of such a delegation, the Project may transfer the entire Bounty to the Platform, which will then handle the distribution accordingly.
By submitting the Program to the Platform, the Project accepts and agrees that the Asset will be publicly available and any Security Researcher can audit the Asset, except for the Private Programs, in which case the Project itself selects the Security Researcher. The Project shall provide an indicative range in respect of the potential Bounty which a Security Researcher may earn (Indicative Bounty Range).
To be eligible for a Bounty, the Report must comply with all the pre-defined conditions of the Program and the bugs in the Report should not have already been submitted by another Security Researcher to the Project (such discovery does not deprive the latter Security Researcher of being eligible for the Bounty, if the severity level is higher than that reported by the initial Security Researcher). If the submitted Report is out of scope, the Bounty payment is at the sole discretion of the Project. The Project implements the suggestions made in the Report at its own risk.
Before accepting the Report, the Project has the right to require Proof of Concept and additional information on the bugs found. The Security Researcher must provide Proof of Concept in all cases for bugs with a high and/or critical severity. In addition, where a Security Researcher identifies a bug which a Project has previously been notified of and the Security Researcher ascribes a higher severity level than previously ascribed, the Security Researcher must provide a Proof of Concept in order to be eligible for a Bounty.
The Project may request the Security Researcher to retest the Asset. Such a request will be mandatory for the Security Researcher if it was explicitly provided in the Program as an eligibility criterion for the Bounty. However, even if not required by the Program listed, it is best-practice for the Security Researcher to process a Retest.
All communication between the Security Researcher and the Project must be conducted through the chat feature of the Platform. Any communication concerning the Programs published on the Platform conducted outside of the Platform will be considered a breach of the Terms of Use and the Platform shall have no liability to any party in respect of any loss suffered as a result of communications outside the Platform chat feature. The Company does not guarantee the security or functionality of third-party software or technology and is not liable for any losses of any sort due to the failure or malfunction of third-party software or technology utilised by a User.
The Security Researcher assumes complete responsibility for any harm caused to the Project or the Platform due to tort or negligence. It is strictly prohibited to disclose any details of private programs to others. While collaboration is allowed for auditing public programs, working as a team is not permitted for private programs, unless the Project has confirmed otherwise.
The Platform may, in its sole discretion, review a Report before submitting it to the Project to filter the information and check the compatibility of the Report with the pre-defined program requirements. In the event that a Project intends to pay a Bounty outside the Indicative Bounty Range, they must provide written reasons for the level of the proposed Bounty to the Security Researcher and the Platform.
The bug severity mentioned in the Report can be contested by the Project. If both parties do not reach an agreement, they may refer the Report to the Platform for the Triage Services and/or Mediation Services. The Platform shall provide a description of bug severity through means of a separate report and/or changing status, and/or in written form or another means of communication. Such documents have only an advisory nature and the Users are not bound by the definitions, descriptions, or decisions provided by the Platform until such time as these Terms of Use are updated. The Triage Services and related report are not binding on the parties and in the event of a continued dispute following the issue of the report, the parties may instruct a third party to settle the dispute.
The Security Researcher may request the Platform to provide Mediation between the Users. If the Project refuses to pay the Bounty in the Indicative Bounty Range in full to the eligible Security Researcher, the Platform and/or the Security Researcher reserves the right to publish the case of the Project but will not publish the underlying report. The Project shall be given 45 days to consider making the payment of the Bounty following notification by the Platform or the Security Researcher or to provide written reasons of its refusal to pay the Bounty to the Security Researcher. If the Project does not make the payment within 30 calendar days from the moment of deciding to pay the Bounty or does not provide any decision on the Report within the given 45 days or, at the sole discretion of the Platform, gives inadequate reasons for its refusal to pay the Bounty, the Platform reserves the right to take other measures at its disposal, including but not limited to the termination, suspension, blocking or freezing of access to the Platform for the Project and any affiliated users, entities, partnerships or other legal personality. The Project agrees that in case of non-payment of the Bounty in full, the Security Researcher, as the owner of the report, has the right to publicly disclose the Report, including its details, findings, and any associated Proof of Concept, without any restrictions or limitations after expiration of a 45-day period or, in the sole discretion of the Security Researcher, to authorise the Platform to release the Report.
If the bug presented in the Report has been previously disclosed to the Project by another Security Researcher, the Security Researcher will not be eligible for Bounty. However, the Project must provide written proof that such discovery was known previously. If the previous Report was submitted through the Platform, upon the request of the Project or Security Researcher the Platform may provide evidence from the Chat conversation through the Platform proving the previous discovery along with the proof of the unchanged conversation. The Project is required to provide evidence that proves the earlier submission of discovery if it was reported through another source. This evidence can include clear screenshots or any other means that establish the existence of the prior report. The Project must demonstrate that the reported issue was already identified and acknowledged, ensuring transparency and fairness in the bug-handling process.
If the Security Researcher, who is not registered on the Platform, found a bug in the Asset, which was not previously known to the Project, and wants to submit a Report, the Platform may mediate for the Bounty payment to the Security Researcher.
A Project may, in their sole discretion, define additional terms and rules for the Program including but not limited to pay-outs. If the Security Researcher undertakes the testing and provides a Report, they shall be deemed to have accepted the additional terms and rules when providing a Report.
The Project rewards a Bounty to the Security Researcher who submits a Report meeting all the pre-defined requirements of the Program. The Project may reduce the level of the Bounty within the Indicative Bounty Range at its sole discretion; however, a decrease in the level of the Indicative Bounty Range shall only be effective from the point of change and, for the avoidance of doubt, any Report submitted prior to the reduction in the level of the Indicative Bounty Range shall be subject to the original Indicative Bounty Range and not the reduced range. The reduction in the Indicative Bounty Range must be notified by the Project to the Security Researcher via the Platform.
The default payment process is the Project directly transferring the Bounty to the Security Researcher and separately transferring the commission to the Platform. Upon the Platform’s prior consent as part of its Services, the Project may transfer the entire Bounty to the Platform, which will then handle the distribution accordingly. The Platform will make its best efforts to process payments promptly; however, it is not responsible for any delays in payment that are beyond its reasonable control or any payments to incorrect accounts based on the provision of incorrect information by a User.
The Project agrees to pay Commission for the Platform’s Services in the amount and terms provided by the Platform.
In case a bug is discovered by a Security Researcher not registered on the Platform and the Platform may mediate the payment of a Bounty, the Commission to be paid by the Project to the Platform is provided on the Platform.
Security Researchers must conduct themselves ethically and in accordance with the rules and guidelines of the Platform. Unethical behaviour by Security Researchers includes, but is not limited to:
Begging for a Bounty reward that is not owed to the Security Researcher based on the terms of the Program.
Requesting gas fees from the Platform or the Project.
Disputing a Report after it has been paid or marked as closed, except for requesting mediation.
Advertising or promoting services on the Platform or to the Project.
Conducting attacks based on personal characteristics, such as race, gender, religion, or sexual orientation.
Testing with live or public testnet contracts without permission from the Project.
Falsely claiming that a bug report affects an Asset in scope when it does not.
Exaggerating the severity of a Report to receive a higher Bounty pay-out.
Creating multiple accounts on the Platform to circumvent rules or increase rewards.
Underreporting or misrepresenting vulnerabilities to receive a higher Bounty.
Revealing the Report or its existence to the public before the Project has addressed and compensated it and fixed the bugs revealed in the report.
Revealing the Report to the public before 45 days have passed since the Project determined it was out of scope or did not require a fix.
Revealing a Report that is considered a duplicate or already known to the Project.
Revealing a valid Report which was accepted by the Project and for which the Bounty was paid without the prior written confirmation of the Project.
Providing the Project with a Report that lacks specific information, clear steps to reproduce, or a demonstration of the issue when requested.
Submitting Reports that are considered spam or of low quality, or information that is not relevant to a bug report on the Platform.
Conducting automated testing that generates excessive traffic on the Project's platform.
Attempting to exploit, attack, or threaten to exploit/attack the project on the Platform.
Phishing or conducting other social engineering attacks against the Project or the Platform.
Engaging in harassment or abusive communication with the Project or the Platform or other Security Researchers.
Pretending to be other Security Researchers.
Threatening violence against the Project, Platform or any of its members and other Security Researchers.
Threatening to publish or publishing people's personal information without their consent.
Engaging in extortion, blackmail, or threats of extortion/blackmail against the Project or any of its members.
Publishing content that violates the law or when communicating with the Project.
Reporting a bug that has already been publicly disclosed.
Submitting Reports that were generated by AI or automated scanners.
Contributing fixes to the Project's repository without obtaining explicit permission.
Disclosing or accessing sensitive information beyond what is necessary to submit the bug report or conduct mediation.
Projects must conduct themselves ethically and in accordance with the rules and guidelines of the Platform. Unethical behaviour by Projects includes, but is not limited to:
Abusing the mediation request system to unjustly influence or manipulate the bug bounty process.
Routing Around the Platform: Attempting to bypass or communicate outside of the designated Platform, which can lead to unfair negotiations, bribery, or other forms of unethical behaviour.
Claiming a bug report is a well-known or duplicate issue without clear evidence, with the intention of preventing the legitimate reporting and rewarding of a valid bug report.
Paying Security Researchers who submit Reports outside of the Platform in order to avoid paying the Platform's commission or to incentivize unethical behaviour.
Publicly disclosing the Report before the vulnerability has been fixed and the Security Researcher has been compensated.
Soliciting Security Researcher hackers on the Platform for commercial projects or private bug bounty programs, which is a violation of the Platform's policies and can lead to conflicts of interest.
Conducting attacks or providing biased feedback based on personal characteristics such as race, gender, religion, or sexual orientation, which is considered unethical behaviour.
Engaging in deceptive or dishonest communication with Security Researchers, such as misrepresenting the severity of a vulnerability or the status of a report.
Shutting down a Report without offering comprehensive details and/or proof as to why it should be terminated.
Promoting any of the above behaviours or other forms of unethical behaviour, which is a violation of the Platform's policies and can result in the suspension or termination of the account.
The Platform upholds ethical standards and emphasizes that any instances of unethical behaviour, whether within or outside the Platform, will be taken seriously. If the Platform becomes aware of such behaviour, it reserves the right in its sole discretion to disable the User involved.
The Content and terms of the Program, as well as these terms, the design or functionalities of the Platform, may be changed/modified at any time and the Platform will do its best to keep the Content up to date. The Platform is not obligated to notify Security Researchers/Projects of any changes. The User is expected to check this page each time it accesses this Platform, so it is aware of any changes as they are binding on the User.
The Company is not responsible for the accuracy, correctness, or completeness of any information, materials, or documents available through or in relation to the Platform. It is the responsibility of the Security Researcher to ensure the accuracy of their reports and the Project to verify the validity of the reported vulnerabilities.
The Company does not endorse any Security Researcher. The Company is not responsible for any damage or harm resulting from a User’s communications or interactions with other Users, either through the Services or otherwise. Any selection or use of any Security Researcher is at the User’s own risk.
Security Researchers are not employees, contractors, or agents of the Company, but are independent third parties who want to participate in the provision of Services and connect with Projects through the Services. Unless otherwise expressly agreed to in writing by the Company, the Project agrees that any legal remedy that the Project seeks to obtain for actions or omissions of a Security Researcher regarding the Project’s program or Security Researcher’s Report will be limited to a claim against the particular Security Researcher. Any contract or other interaction between a Project and a Security Researcher, including with respect to any Project policy, will be between the Project and the Security Researcher. The Company is not a party to such contracts and disclaims all liability arising from or related to such contracts.
The Program assumes complete responsibility for addressing and resolving reported bugs, as well as accepting the Reports. The Program acknowledges that bug reports are generated by humans, and even with thorough triage and multiple reviews, the possibility of bugs persisting cannot be entirely eliminated. The bug bounty process, including triage and reviews, serves as an additional layer for ensuring the security of projects.
The Platform reserves the right to review each Program and Report before publishing it on the Platform and may decide not to publish the Program at its sole discretion.
Each party involved in the bug bounty program is responsible for the entirety of any costs and/or taxes associated with their respective roles. The Program is responsible for any taxes arising from the transfer of the Bounty, and it shall fulfil this obligation accordingly. If the regulations of the Security Researcher necessitate taxes, the Security Researcher shall bear those tax obligations. The Company is responsible for any applicable taxes on its Commissions.
The Platform reserves the right to disable any username, or password, to restrict, suspend, or terminate the access of Users to the Platform or any part of the Platform or any of its features at any time at the sole discretion of the Platform for any or no reason without any prior notice. The Platform also reserves the right to take appropriate legal action and cooperate with law enforcement authorities in case of any illegal or unauthorized behaviour.
The Platform does not provide any warranty for the cooperation between the Users, including for the payment of the Bounty. The Platform will investigate and address reported vulnerabilities, but the Platform bears no responsibility for any loss, damage, or harm, resulting from the communication or interaction between the Security Researcher and the Project, including accepting and implementing the Report suggested by the Security Researcher.
Users acknowledge that they act on the Platform at their own risk and that the Company is not responsible for any damages or losses that may result from a User’s participation on the Platform.
By using the Services and/or the Platform, Users warrant to hold harmless the Company, its subsidiaries, directors, partners, employees, contractors, or agents from any claims resulting from any action taken by the Users. The Platform provides the ability for Users to interact with various decentralized finance protocols. However, it’s important to note the Platform has no control over the subsequent interactions or transactions, and it is the sole responsibility of Users to assess the risks and choose to deploy their digital assets onto such protocols. The operation of these protocols may involve complex blockchain technologies that require an in-depth understanding of digital assets, cybersecurity, and related technologies. The platform is open access, meaning that anyone can access it. As a User, it is crucial to have a complete understanding of the Platform and the associated risks, which include but are not limited to the potential forfeiture or loss of your digital assets. The Platform enables two Users to interact. The Platform and/or the Company accepts no responsibility for any losses suffered by any User in respect of their relationship with another User.
YOUR ACCESS TO AND INTERACTION WITH THE PLATFORM IS AT YOUR OWN RISK. THE PLATFORM AND/OR THE COMPANY DISCLAIM ALL LIABILITY AND OFFER NO WARRANTIES REGARDING THE PLATFORM, REGARDLESS OF WHETHER ACCESS IS GAINED THROUGH THE PLATFORM, THE SERVICES OR THE INTERFACE.
Your usage of the Services might necessitate the payment of transaction fees required by the underlying blockchain or distributed ledger service or by the Platform itself. These fees are in place to foster the intended use among Platform participants and/or Users. The Company has no control over fees and is not responsible for them in any way.
The Company operates the Platform and has the right to use all the Content on it. All Content of the Platform, as well as copyright and other intellectual property rights to such Content or is presented on the Platform with the consent of the owner.
The Platform does not claim any ownership rights for any Program or Report.
By using the Platform and/or the Services, User grants to the Company and its affiliated companies a non-exclusive, sublicensable, transferable, non-revocable, and royalty-free worldwide license to use, copy, reproduce, display, modify, adapt, transmit, and distribute any of the materials, queries, codes uploaded by the User in the course of using the Services and/or the Platform for any purpose and/or activity by the Company and its affiliated companies.
The Platform grants the Users a non-exclusive, non-sublicensable, non-transferable, revocable, and worldwide license to access and use the Content on the Platform.
Upon acceptance of the Report and the subsequent closure of its status, the Security Researcher acknowledges that the ownership of the Report is transferred to the Project. This transfer occurs when the Security Researcher receives the Bounty, and the Security Researcher doesn’t protest the case within 7 days after the transfer. THE SECURITY RESEARCHER SHALL NOT, IN ANY CIRCUMSTANCE, REVEAL A REPORT THAT HAS BEEN ACCEPTED AND CLOSED WHERE A BOUNTY HAS BEEN PAID WITHOUT THE PRIOR WRITTEN CONSENT OF THE PROJECT.
Users will indemnify, defend, and hold harmless the Company and its officers, directors, employees, and agents, from and against any claims, disputes, demands, liabilities, damages, losses, and costs and expenses, including, without limitation, reasonable legal and accounting fees arising out of a third party claim (i) that a User’s materials infringe upon a patent, copyright, trademark, or trade secret of a third party, or (ii) arising from a Project’s use of a Security Researcher’s Report.
The indemnified party shall give prompt written notice of all claims for which indemnity is sought and shall cooperate in defending against such claims, at the expense of the indemnifying party. The indemnifying party shall conduct and have sole control of the defense and settlement of any claim for which it has agreed to provide indemnification; provided that the indemnified party shall have the right to provide for its separate defense at its own expense. The rights and remedies set forth in this section state a party’s exclusive liability and the other party’s exclusive rights and remedies with regard to claims made by a third party for intellectual property infringement or violation of a third party’s intellectual property rights.
The nullity or invalidity of one of the provisions of these Terms shall have no effect on the remaining provisions of these Terms of Use.
These Terms of Use shall be governed by and construed in accordance with the laws of BVI. Parties are committed to resolving disputes through negotiations within 30 days of a User giving notice of a dispute. In case of failure to reach an agreement through negotiations, all disputes arising from these Terms must be submitted to the exclusive jurisdiction of the courts of the British Virgin Islands.
In the event of a conflict between the Specific terms in Appendix A and these Terms of Use, the Specific terms in Appendix A shall prevail.
If a User, developer, data analyst, organization or other user (“Glider Recipient”) is, at the sole discretion of Company, given access to an additional product known as “Glider” (“Glider”), then in consideration for the various functionalities and services Glider offers, the Terms of Use between the Glider Recipient and the Company shall include by reference the following specific terms for Glider in addition to the Terms of Use. By accepting the Terms of Use, the Glider Recipient also consents to and agrees to these additional specific terms included in the Terms of Use by reference. Below are the specific terms for a Glider Recipient to use Glider.
In the event of a conflict between the Specific terms in this Appendix A and the Terms of Use, these Specific terms shall prevail.
Welcome to Glider, a free-for-research and open-source platform revolutionizing the web3 world. With a vision of fostering collaboration among Security Researchers, Glider serves as a potent tool for white hackers and Security Researchers alike, enabling them to fortify the web3 ecosystem's foundations.
Glider offers Glider Recipients the chance to contribute to a better web3 environment, characterized by resilience, transparency and trust. By harnessing our community's collective intelligence and creativity, we strive to establish security as a fundamental pillar of the digital experience.
As you embark on your Glider journey, we invite you to explore the endless possibilities, share your insights, and collaborate with fellow innovators.
Glider is a comprehensive tool that provides a range of services tailored to meet the needs of Security Researchers, developers, Projects and Organizations. Our offerings are designed to enhance security, streamline vulnerability detection, and promote collaboration within the community. Below is an overview of the key services offered by Glider:
Semantic Code Analysis Engine: Glider's flagship service is its cutting-edge semantic code analysis engine. Renowned for its industry-leading capabilities, this engine revolutionizes vulnerability detection by allowing Users to query code as though it were data. With Glider's semantic analysis, Security Researchers can craft precise queries to uncover various vulnerabilities and coding errors and to perform data analytics, ensuring robust security for software projects.
Open-Source Codebase Analysis: Glider enables Glider Recipients to run real queries on open-source codebases, streamlining vulnerability discovery and enhancing the security posture of software projects. By leveraging Glider's platform, Glider Recipients can identify and address security vulnerabilities more effectively, contributing to the overall security of the web3 ecosystem.
At the Company’s sole discretion, we reserve the right to limit access to codebases, restricting them to testnet only or a portion of mainnet. It's important to note that mainnet represents the live and real-time environment, while testnet lacks any real-world value and is primarily used for testing purposes, thus minimizing potential risks associated with security breaches.
Custom Query Development: Glider empowers Glider Recipients to develop and test custom queries tailored to their specific needs. Whether it's addressing unique security challenges or refining existing queries, Glider provides the tools and resources necessary to develop high-quality custom queries for vulnerability detection and code analysis.
Code Scanning Alerts: Through Glider's code scanning alerts feature, Users can generate alerts based on the results of code scanning analyses. These alerts provide valuable insights into potential security vulnerabilities and coding errors, enabling developers to take proactive measures to mitigate risks and enhance the security of their codebases.
Community Collaboration: Glider fosters collaboration and knowledge sharing within the security community. Glider Recipients can share their queries, insights, and best practices with the broader community, facilitating collaboration and collective learning. By harnessing the collective intelligence and creativity of the community, Glider aims to establish security as a fundamental pillar of the digital experience.
Services provided are subject to potential limitations, suspensions, or amendments, as deemed appropriate by the Company in its sole discretion. The Company provides all services on an 'as-is' basis and makes no representations or warranties as to the services provided. The Company disclaims all implied warranties, including all implied warranties of merchantability or fitness for a particular purpose, in connection with these Terms of Use and Specific Terms.
The Company is committed to maintaining a safe and secure environment for all Glider Recipients. As a Glider Recipient, you play a crucial role in upholding this commitment. By using Glider, you agree to abide by the following Acceptable Use Policy:
Lawful Use: You may and will only use Glider for lawful purposes. You agree not to engage in any activity that violates applicable laws or regulations.
Ethical Conduct: As a Glider Recipient, you understand and uphold ethical standards in your use of Glider. You agree not to use Glider for any activities that could be considered unethical, including hacking, unauthorized access to systems or any other malicious activities.
No Harmful Activities: You agree not to use Glider to conduct or facilitate any activities that could cause harm to individuals, organizations, or systems. This includes but is not limited to distributing malware, conducting phishing attacks, or engaging in any form of cybercrime.
Responsible Disclosure: If you discover security vulnerabilities or weaknesses while using Glider, you agree to responsibly disclose them to the relevant parties in accordance with established industry practices and guidelines.
Respect for Privacy: You agree to respect the privacy of other Glider Recipients and refrain from engaging in any activities that invade or compromise their privacy.
No Unauthorized Access: You agree not to attempt to gain unauthorized access to any systems, networks, or data using Glider. This includes but is not limited to exploiting security vulnerabilities or bypassing access controls.
No Disruption: You agree not to use Glider to disrupt or interfere with the normal operation of systems or networks, including denial-of-service attacks or other forms of cyber-attack.
Compliance: You agree to comply with all applicable laws, regulations and industry standards governing your use of Glider.
By using Glider, you acknowledge that violation of this Acceptable Use Policy may result in the termination of your account at the sole discretion of the Company without notice and with potential legal consequences. We reserve the right to investigate and take appropriate action against any violations of this policy.
Glider and its licensors retain ownership of all intellectual property rights related to Glider. You may not duplicate, copy, or reuse any portion of Glider without express prior written permission.
Glider is licensed on a per-user basis for academic research, software demonstration, and query submission only.
Glider is currently in beta testing and has not yet been released to the public ("Beta Services"). The Beta Services are designed to test new products, features, and programs, and we may make these Beta Services available to you to obtain your feedback. We reserve the right to modify or discontinue the Beta Services at any time. If the Company cancels the Beta Services, we will refund a prorated amount of the integration fee, calculated by dividing the total fee by 12 months. For any engineering hours that have been booked, we will refund the unused portion of the amount if it has been paid in advance. The Beta Services and any information related to them are confidential except for the portions that have already become publicly available. By using Beta Services, you agree to maintain the confidentiality of all related information.
As a Glider Recipient, you acknowledge and agree that all information related to Glider, including but not limited to feature plans, pricing, interface design, and any other non-public aspects of the platform ("Confidential Information"), is confidential. You agree to keep this information strictly confidential and not to disclose it to any third parties without the express written consent of the Company. You shall use the Confidential Information solely for the purpose of engaging with Glider during its beta period and for no other purpose.
You agree to protect the Company's Confidential Information that you may receive or otherwise be exposed to while exercising your rights or performing your obligations under these Terms or any other agreements between you and the Company. You will apply the same degree of care to protect the Company's Confidential Information as you would use to protect your own similar information, but in no event less than a reasonable degree of care.
You may disclose Confidential Information to your employees and contractors who need to know such information to participate in the Glider beta program, provided they are bound by written obligations of confidentiality no less restrictive than those set forth in this clause.
Any breach of this confidentiality obligation may result in the termination of your access to Glider and may subject you to legal remedies.
Extensive documentation is available to assist you in writing queries and we will review and save your queries in our database.
You can terminate your Glider account when necessary. You can initiate this process at any time through your account settings. Should you decide to discontinue your association with Glider, you must follow the outlined procedure for account termination to ensure the closure is executed accurately.
The Company retains the authority to suspend or terminate access to the Platform or its specific components under various circumstances. Such actions may be taken with or without cause and may occur without prior notice to the Glider Recipient. These circumstances may include but are not limited to:
Violation of Terms of Use: Failure to adhere to the terms outlined in the Glider Terms of Use may result in the suspension or termination of your account. This includes but is not limited to engaging in prohibited activities, violating community guidelines or any other actions deemed unacceptable by the Company.
Unlawful Conduct: Engaging in unlawful conduct, including but not limited to hacking attempts, unauthorized access to systems, or any activities that contravene applicable laws, may lead to the immediate suspension or termination of your account without notice.
Fraudulent Activities: Any involvement in fraudulent activities, such as identity theft, financial fraud, or misrepresentation of information, may result in the suspension or termination of your Glider account without notice.
Breach of Security: Any attempts to breach the security of Glider's platform, systems, or Glider Recipients' accounts, including hacking, phishing, or unauthorized access to data, may lead to the suspension or termination of your account without notice.
Abusive Behavior: Engaging in abusive behavior towards other Glider Recipients, Glider staff, or any individuals associated with the Platform, including harassment, threats, or hate speech, may result in the suspension or termination of your account without notice.
Non-Payment: Failure to fulfill payment obligations, if applicable, may lead to the suspension or termination of your account without notice.
It is important to note that the Company reserves the right to exercise sole discretion in determining whether account suspension or termination is warranted in any given situation. In all cases, the Company will strive to act in accordance with its policies and uphold the integrity of its platform and community.
The Company provides the Glider services "as is" and "as available," without warranty of any kind so far as permitted by applicable law. Without limiting this, we expressly disclaim so far as permitted by applicable law all warranties, whether express, implied, or statutory, regarding the Platform and the Glider service including without limitation any warranty of merchantability, fitness for a particular purpose, title, security, accuracy, and non-infringement. The Company does not warrant that the Glider service will meet your requirements; that the Glider service will be uninterrupted, timely, secure, or error-free; that the information provided through the Glider service is accurate, reliable, or correct; that any defects or errors will be corrected; that the Glider service will be available at any particular time or location; or that the Glider service is free of viruses or other harmful components. You assume full responsibility and risk of loss resulting from your downloading and/or use of files, information, content, or other material obtained from the Glider service.
By using Glider, you acknowledge and agree that:
The Company shall not be liable for any direct, indirect, incidental, consequential, special, or exemplary damages, including but not limited to loss of profits, goodwill, data, or other intangible losses, arising out of or in connection with your use or inability to use the services provided by Glider so far as permitted by applicable law.
The Company shall not be responsible for any errors, inaccuracies, or omissions in the content or information provided through its Platform. Glider Recipients are solely responsible for verifying the accuracy and reliability of any information obtained from Glider.
The Company does not guarantee the availability, continuity, or security of its Services. While we make every effort to ensure the uninterrupted operation of our Platform, we cannot guarantee that it will be free from interruptions, errors, or defects.
The Company shall not be liable for any damages resulting from unauthorized access to or alteration of your data, transmissions, or content. Glider Recipients are responsible for implementing appropriate security measures to protect their data and privacy.
In no event shall the Company's total liability to you for all claims, damages, or losses exceed the amount paid by you, if any, for accessing or using the Company’s Glider services during the twelve (12) months preceding the claim.
The Company shall not be liable for any failure or delay in performing its obligations under these terms due to circumstances beyond its reasonable control, including but not limited to natural disasters, acts of terrorism, labor disputes, or governmental actions.
By accessing or using the Company’s Glider services, you agree to release the Company from any and all liability arising out of or in connection with your use of the Platform and Glider. These limitations of liability shall apply regardless of the legal theory under which a claim is brought, including but not limited to contract, tort, negligence, or strict liability.
If you have a dispute with one or more Glider Recipients, you agree to release the Company from any and all claims, demands, and damages (actual and consequential) of every kind and nature, known and unknown, arising out of or in any way connected with such disputes. You agree to indemnify us, defend us, and hold us harmless from and against any and all claims, liabilities, and expenses, including attorneys’ fees, arising out of your use of the Platform, Glider and the Services, including but not limited to your violation of the Terms of Use and/or the Specific terms, provided that the Company: (1) promptly gives you written notice of the claim, demand, suit, or proceeding; (2) gives you sole control of the defense and settlement of the claim, demand, suit, or proceeding (provided that you may not settle any claim, demand, suit, or proceeding unless the settlement unconditionally releases Company of all liability); and (3) provides to you all reasonable assistance, at your expense.
We reserve the right, at our sole discretion, to amend the Terms of Use and these Specific terms at any time and will update the Terms of Use and/or these Specific terms in the event of any such amendments without notice.
Being part of the Glider community means refraining from using the Platform and/or Glider to support unlawful attacks that cause technical harm. We reserve the right to set different availability levels in our sole discretion.
refers to the platform () owned and operated by the Company.
Our Privacy Policy governs the collection of all information for Services by the Platform. By using the Platform, the Users consent to all actions taken by the Platform in accordance with the Privacy Policy.