If you are unsure whether a service is within our scope or not, feel free to ask us via our contact form. If you're certain you've detected a potential security vulnerability, please fill in this form, and we'll be in touch with you as soon as possible.
Below are some specific examples of in-scope and out-of-scope apps and websites to help guide your research.

| Target | Eligible | Ineligible |
| --- | --- | --- |
| BandLab | Websites: bandlab.com, edu.bandlab.com, accounts.bandlab.com, cakewalk.bandlab.com, bnd.link. Apps: BandLab, BandLab Assistant | Websites: blog.bandlab.com, blog.edu.bandlab.com, careers.bandlab.com, help.bandlab.com, help.edu.bandlab.com, rewards.bandlab.com, news.bandlab.com |
| AudioStretch | Apps: AudioStretch, AudioStretch Lite | Websites: www.audiostretch.com, help.audiostretch.com |
| Cakewalk | Websites: cakewalk.bandlab.com | Websites: help.cakewalk.com, discuss.cakewalk.com |
| Open Source | Code repos: https://github.com/bandlab/ | |
| Other Partnerships/Acquisitions | Websites: chew.tv | |
| Portal | Hardware: All first-party hardware (Link Devices) | |

Out of Scope
- Spam or social engineering techniques.
- Denial-of-service attacks.
- Content injection. Posting content on BandLab is a core feature, and content injection (also "content spoofing" or "HTML injection") is out of scope unless you can clearly demonstrate a significant risk.
- Security issues in third-party apps or websites that integrate with BandLab (including most pages on bandlab.com).
- Mobile app crash reports that are not reproducible on up-to-date OS versions or releases within the last 6 calendar months.
False Positives
- Profile pictures are available publicly. Your current profile picture is always public (regardless of size or resolution).
- Note that public information also includes your username, ID, location, birthday, gender, email address, real name, and/or anything you’ve shared publicly (Learn More).
- Accessing photos via raw image/audio/video URLs from our CDN (Content Delivery Network).