Security: Reporting a Vulnerability

At Raisely, we take the protection of our customers’ data seriously.

The Raisely engineering team acknowledges the valuable role that independent security researchers play in Internet security, and we’re especially grateful that you might use your valuable time to help secure a platform that operates for the benefit of non-profits. We encourage responsible disclosure of any vulnerabilities that may be found in our site or applications. Raisely is committed to working with security researchers to verify and address any potential vulnerabilities that are reported to us. 

Please review these terms before you test and/or report a vulnerability. Raisely pledges not to initiate legal action against researchers for penetrating or attempting to penetrate our systems as long as they adhere to this policy.

Testing for security vulnerabilities

Always use test or demo accounts when testing our online services.

Reporting a potential security vulnerability

  • Privately share details of the suspected vulnerability with Raisely by sending an email to security@raisely.com
  • Provide full details of the suspected vulnerability so the Raisely security team may validate and reproduce the issue

Prohibited security research activities

While we encourage you to discover and report to us any vulnerabilities you find in a responsible manner, the following conduct is expressly prohibited:

  • Performing actions that may negatively affect Raisely or its users (e.g. spam, brute force, denial of service…)
  • Accessing, or attempting to access, data or information that does not belong to you
  • Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you
  • Conducting any kind of physical or electronic attack on Raisely personnel, property or data centers
  • Social engineering any Raisely service desk, employee or contractor
  • Conduct vulnerability testing of participating services using anything other than test accounts that you have signed up for yourself
  • Violating any laws or breaching any agreements in order to discover vulnerabilities

The Raisely engineering team commitment

We ask that you do not share or publicise an unresolved vulnerability with/to third parties. If you responsibly submit a vulnerability report, the Raisely engineering team will use reasonable efforts to:

  • Respond in a timely manner, acknowledging receipt of your vulnerability report
  • Provide an estimated time frame for addressing the vulnerability report
  • Notify you when the vulnerability has been fixed

We are happy to thank every individual researcher who submits a vulnerability report helping us improve our overall security posture at Raisely.

We will not automatically offer compensation for vulnerability reports. We may, at our sole discretion, offer compensation to researchers that report vulnerabilities that we deem to be high or critical in severity.

To be considered high in severity a report must, at a minimum, demonstrate a reproducible exploit that produces a privilege escalation, remote code execution or similar level of severity.

Reports of a low level or informational vulnerability with the suggestion that a high severity exploit may be possible in combination with other hypothetical issues will not be considered for compensation.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Our Support Team Contact Our Support Team