Responsible Vulnerability Disclosure

At Topcoder, we do our best to ensure that our website and applications are as secure as possible. To minimize the possibility of exposing vulnerabilities, Topcoder considers security at every aspect of the product development lifecycle and actively works with our members to address any potential issues. As with any software, vulnerabilities are a possibility. We encourage users who find security vulnerabilities to report them to us as soon as possible.

If you believe you’ve discovered a security vulnerability on a Topcoder property or application, we strongly encourage you to inform us as quickly as possible and to not disclose the vulnerability publicly until it is fixed. We appreciate your assistance, and we review all reports and will do our best to address the issue in a timely fashion.

Submit potential vulnerabilities to our hackerone page.

Responsible Disclosure Guidelines

To encourage bug and vulnerability reporting, we will not bring private action against you with respect to your bug and vulnerability research as long as you strictly comply with the following protocols:

• the vulnerability or bug, as applicable, is reported to Topcoder via hackerone (at the above link) as soon as possible. Please provide us a reasonable time period to address the issue.

• the vulnerability or bug, as applicable, is not published elsewhere

• the vulnerability or bug, as applicable, exists on a domain owned by Topcoder

• the vulnerability or bug, as applicable, is verifiable by the security team

• you do not cause or create service disruption (e.g. DoS), privacy issues (i.e. accessing a Topcoder customer’s data), and data destruction when performing vulnerability research.

• you do not request compensation for security vulnerability reports either from Topcoder or external vulnerability marketplaces.

• you do not phish or social engineer employees or customers of Topcoder.

• you do not run automated scanning tools and send us the output without confirming the issue is present.

• You do not exploit a security issue you discover for any reason.

• You do not violate any other applicable laws or regulations.

Please include the following information in your submission:

• a proof-of-concept or demonstration of the vulnerability

• detailed instructions on how to reproduce the vulnerability, including screenshots, target URLs, etc.

• an e-mail address we can contact you at

We will confirm your submission and evaluate the validity and reproducibility of the issue. For valid issues, we will work to fix the issue and keep you appraised of progress.