[{"id":3677856,"new_policy":"Palo Alto Software Vulnerability Disclosure Policy\n==================================================\nWe take the security of our systems and our user’s data very seriously. If you believe you have found a security vulnerability in our systems we’d love to hear from you!\n\n\nProgram rules\n-------------\nYou must make every effort to avoid the following during your research:\n* privacy violations\n* degradation of user experience\n* disruption to production systems\n* destruction of data\n* You must keep information about any vulnerabilities you’ve discovered confidential between yourself and Palo Alto Software until we’ve had 90 days to respond\n* You must follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).\n\nWe will do our part to respond as quickly as we’re able and to be as transparent as possible during the process. We appreciate your effort and want to make our applications as secure as possible.\n\nIf you sign up for any account on our systems (particularly for LivePlan or Outpost) specifically to test for security vulnerabilities, please use your **@wearehackerone.com** email alias (https://docs.hackerone.com/hackers/hacker-email-alias.html) so we can exclude you from labor intensive sales follow-up and from our conversion metrics.\n\nProgram Scope\n-------------\nThe following websites and applications are in scope\n* [www.paloalto.com](https://www.paloalto.com/?utm_source=HackerOne\u0026utm_medium=link\u0026utm_campaign=program-scope)\n* app.liveplan.com\n* [www.liveplan.com](https://www.liveplan.com/?utm_source=HackerOne\u0026utm_medium=link\u0026utm_campaign=program-scope)\n* [www.bplans.com](https://www.bplans.com/?utm_source=HackerOne\u0026utm_medium=link\u0026utm_campaign=program-scope)\n\nProgram Exclusions\n------------------\n* Social engineering or phishing attacks\n* Denial of service\n* Physical attacks against Palo Alto Software offices or employees\n* Issues found through automated testing\n* Any issues related to EmailCenterPro or found on any *.emailcenterpro.com site\n* Issues in outdated  or obscure browsers (including IE 11, which we no longer support)\n\nHow to report your findings?\n----------------------------\nPlease use our submission form at [HackerOne](https://HackerOne.com/palo_alto_software) to submit the vulnerability you’ve found. You may also email us at security@paloalto.com\n\nSafe Harbor\n-----------\nWe will not pursue a civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy.\n​\nIf legal action is initiated by a third party against you and you have complied with Palo Alto Software’s vulnerability disclosure policy, Palo Alto Software will take steps to make it known that your actions were conducted in compliance with this policy.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2022-09-29T18:34:39.042Z"},{"id":3663883,"new_policy":"Palo Alto Software Vulnerability Disclosure Policy\n==================================================\nWe take the security of our systems and our user’s data very seriously. If you believe you have found a security vulnerability in our systems we’d love to hear from you!\n\n\nProgram rules\n-------------\nYou must make every effort to avoid the following during your research:\n* privacy violations\n* degradation of user experience\n* disruption to production systems\n* destruction of data\n* You must keep information about any vulnerabilities you’ve discovered confidential between yourself and Palo Alto Software until we’ve had 90 days to respond\n* You must follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).\n\nWe will do our part to respond as quickly as we’re able and to be as transparent as possible during the process. We appreciate your effort and want to make our applications as secure as possible.\n\nIf you sign up for any account on our systems (particularly for LivePlan or Outpost) specifically to test for security vulnerabilities, please use your **@wearehackerone.com** email alias (https://docs.hackerone.com/hackers/hacker-email-alias.html) so we can exclude you from labor intensive sales follow-up and from our conversion metrics.\n\nProgram Scope\n-------------\nThe following websites and applications are in scope\n* [www.paloalto.com](https://www.paloalto.com/?utm_source=HackerOne\u0026utm_medium=link\u0026utm_campaign=program-scope)\n* app.liveplan.com\n* [www.liveplan.com](https://www.liveplan.com/?utm_source=HackerOne\u0026utm_medium=link\u0026utm_campaign=program-scope)\n* [www.bplans.com](https://www.bplans.com/?utm_source=HackerOne\u0026utm_medium=link\u0026utm_campaign=program-scope)\n* [www.mplans.com](https://www.mplans.com/?utm_source=HackerOne\u0026utm_medium=link\u0026utm_campaign=program-scope)\n\nProgram Exclusions\n------------------\n* Social engineering or phishing attacks\n* Denial of service\n* Physical attacks against Palo Alto Software offices or employees\n* Issues found through automated testing\n* Any issues related to EmailCenterPro or found on any *.emailcenterpro.com site\n* Issues in outdated  or obscure browsers (including IE 11, which we no longer support)\n\nHow to report your findings?\n----------------------------\nPlease use our submission form at [HackerOne](https://HackerOne.com/palo_alto_software) to submit the vulnerability you’ve found. You may also email us at security@paloalto.com\n\nSafe Harbor\n-----------\nWe will not pursue a civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy.\n​\nIf legal action is initiated by a third party against you and you have complied with Palo Alto Software’s vulnerability disclosure policy, Palo Alto Software will take steps to make it known that your actions were conducted in compliance with this policy.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2022-01-06T18:37:20.738Z"},{"id":3663882,"new_policy":"Palo Alto Software Vulnerability Disclosure Policy\n==================================================\nWe take the security of our systems and our user’s data very seriously. If you believe you have found a security vulnerability in our systems we’d love to hear from you!\n\n\nProgram rules\n-------------\nYou must make every effort to avoid the following during your research:\n* privacy violations\n* degradation of user experience\n* disruption to production systems\n* destruction of data\n* You must keep information about any vulnerabilities you’ve discovered confidential between yourself and Palo Alto Software until we’ve had 90 days to respond\n* You must follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).\n\nWe will do our part to respond as quickly as we’re able and to be as transparent as possible during the process. We appreciate your effort and want to make our applications as secure as possible.\n\nIf you sign up for any account on our systems (particularly for LivePlan or Outpost) specifically to test for security vulnerabilities, please use your **@wearehackerone.com** email alias (https://docs.hackerone.com/hackers/hacker-email-alias.html) so we can exclude you from labor intensive sales follow-up and from our conversion metrics.\n\nProgram Scope\n-------------\nThe following websites and applications are in scope\n* [www.paloalto.com](https://www.paloalto.com/?utm_source=HackerOne\u0026utm_medium=link\u0026utm_campaign=program-scope)\n* app.liveplan.com\n* [www.liveplan.com](https://www.liveplan.com/?utm_source=HackerOne\u0026utm_medium=link\u0026utm_campaign=program-scope)\n* [www.bplans.com](https://www.bplans.com/?utm_source=HackerOne\u0026utm_medium=link\u0026utm_campaign=program-scope)\n* [www.mplans.com](https://www.mplans.com/?utm_source=HackerOne\u0026utm_medium=link\u0026utm_campaign=program-scope)\n\nProgram Exclusions\n------------------\n* Social engineering or phishing attacks\n* Denial of service\n* Physical attacks against Palo Alto Software offices or employees\n* Issues found through automated testing\n* Any issues related to EmailCenterPro or found on any *.emailcenterpro.com site\n* Issues in outdated  or obscure browsers (including IE 11, which we no longer support)\n\nHow to report your findings?\n----------------------------\nPlease use our submission form at HackerOne.com/palo_alto_software to submit the vulnerability you’ve found. You may also email us at security@paloalto.com\n\nSafe Harbor\n-----------\nWe will not pursue a civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy.\n​\nIf legal action is initiated by a third party against you and you have complied with Palo Alto Software’s vulnerability disclosure policy, Palo Alto Software will take steps to make it known that your actions were conducted in compliance with this policy.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2022-01-06T18:31:46.179Z"},{"id":3636413,"new_policy":"Palo Alto Software Vulnerability Disclosure Policy\n==================================================\nWe take the security of our systems and our user’s data very seriously. If you believe you have found a security vulnerability in our systems we’d love to hear from you!\n\n\nProgram rules\n-------------\nYou must make every effort to avoid the following during your research:\n* privacy violations\n* degradation of user experience\n* disruption to production systems\n* destruction of data\n* You must keep information about any vulnerabilities you’ve discovered confidential between yourself and Palo Alto Software until we’ve had 90 days to respond\n* You must follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).\n\nWe will do our part to respond as quickly as we’re able and to be as transparent as possible during the process. We appreciate your effort and want to make our applications as secure as possible.\n\nIf you sign up for any account on our systems (particularly for LivePlan or Outpost) specifically to test for security vulnerabilities, please use your **@wearehackerone.com** email alias (https://docs.hackerone.com/hackers/hacker-email-alias.html) so we can exclude you from labor intensive sales follow-up and from our conversion metrics.\n\nProgram Scope\n-------------\nThe following websites and applications are in scope\n* [www.paloalto.com](https://www.paloalto.com/?utm_source=HackerOne\u0026utm_medium=link\u0026utm_campaign=program-scope)\n* app.liveplan.com\n* app.outpost.co\n* api.outpost.co\n* [www.liveplan.com](https://www.liveplan.com/?utm_source=HackerOne\u0026utm_medium=link\u0026utm_campaign=program-scope)\n* [www.teamoutpost.com](https://www.teamoutpost.com/?utm_source=HackerOne\u0026utm_medium=link\u0026utm_campaign=program-scope)\n* [www.bplans.com](https://www.bplans.com/?utm_source=HackerOne\u0026utm_medium=link\u0026utm_campaign=program-scope)\n* [www.mplans.com](https://www.mplans.com/?utm_source=HackerOne\u0026utm_medium=link\u0026utm_campaign=program-scope)\n\nProgram Exclusions\n------------------\n* Social engineering or phishing attacks\n* Denial of service\n* Physical attacks against Palo Alto Software offices or employees\n* Issues found through automated testing\n* Any issues related to EmailCenterPro or found on any *.emailcenterpro.com site\n* Issues in outdated  or obscure browsers (including IE 11, which we no longer support)\n\nHow to report your findings?\n----------------------------\nPlease use our submission form at HackerOne.com/palo_alto_software to submit the vulnerability you’ve found. You may also email us at security@paloalto.com\n\nSafe Harbor\n-----------\nWe will not pursue a civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy.\n​\nIf legal action is initiated by a third party against you and you have complied with Palo Alto Software’s vulnerability disclosure policy, Palo Alto Software will take steps to make it known that your actions were conducted in compliance with this policy.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2020-05-18T16:39:38.562Z"},{"id":3634051,"new_policy":"Palo Alto Software Vulnerability Disclosure Policy\n==================================================\nWe take the security of our systems and our user’s data very seriously. If you believe you have found a security vulnerability in our systems we’d love to hear from you!\n\n\nProgram rules\n-------------\nYou must make every effort to avoid the following during your research:\n* privacy violations\n* degradation of user experience\n* disruption to production systems\n* destruction of data\n* You must keep information about any vulnerabilities you’ve discovered confidential between yourself and Palo Alto Software until we’ve had 90 days to respond\n* You must follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).\n\nWe will do our part to respond as quickly as we’re able and to be as transparent as possible during the process. We appreciate your effort and want to make our applications as secure as possible.\n\nIf you sign up for any account on our systems (particularly for LivePlan or Outpost) specifically to test for security vulnerabilities, please use your wearehackerone.com email alias (https://docs.hackerone.com/hackers/hacker-email-alias.html) so we can exclude you from labor intensive sales follow-up and from our conversion metrics.\n\nProgram Scope\n-------------\nThe following websites and applications are in scope\n* www.paloalto.com\n* app.liveplan.com\n* app.outpost.co\n* api.outpost.co\n* www.outpost.co\n* www.liveplan.com\n* www.teamoutpost.com\n* www.bplans.com\n* www.mplans.com\n\nProgram Exclusions\n------------------\n* Social engineering or phishing attacks\n* Denial of service\n* Physical attacks against Palo Alto Software offices or employees\n* Issues found through automated testing\n* Any issues related to EmailCenterPro or found on any *.emailcenterpro.com site\n* Issues in outdated  or obscure browsers (including IE 11, which we no longer support)\n\nHow to report your findings?\n----------------------------\nPlease use our submission form at HackerOne.com/palo_alto_software to submit the vulnerability you’ve found. You may also email us at security@paloalto.com\n\nSafe Harbor\n-----------\nWe will not pursue a civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy.\n​\nIf legal action is initiated by a third party against you and you have complied with Palo Alto Software’s vulnerability disclosure policy, Palo Alto Software will take steps to make it known that your actions were conducted in compliance with this policy.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2020-03-26T16:05:32.159Z"},{"id":3631065,"new_policy":"Palo Alto Software Vulnerability Disclosure Policy\n==================================================\nWe take the security of our systems and our user’s data very seriously. If you believe you have found a security vulnerability in our systems we’d love to hear from you!\n\n\nProgram rules\n-------------\nYou must make every effort to avoid the following during your research:\n* privacy violations\n* degradation of user experience\n* disruption to production systems\n* destruction of data\n* You must keep information about any vulnerabilities you’ve discovered confidential between yourself and Palo Alto Software until we’ve had a 90 days to respond\n* You must follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).\n\nWe will do our part to respond as quickly as we’re able and to be as transparent as possible during the process. We appreciate your effort and want to make our applications as secure as possible.\n\nIf you sign up for any account on our systems (particularly for LivePlan or Outpost) specifically to test for security vulnerabilities, please use your wearehackerone.com email alias (https://docs.hackerone.com/hackers/hacker-email-alias.html) so we can exclude you from labor intensive sales follow-up and from our conversion metrics.\n\nProgram Scope\n-------------\nThe following websites and applications are in scope\n* www.paloalto.com\n* app.liveplan.com\n* app.outpost.co\n* api.outpost.co\n* www.outpost.co\n* www.liveplan.com\n* www.teamoutpost.com\n* www.bplans.com\n* www.mplans.com\n\nProgram Exclusions\n------------------\n* Social engineering or phishing attacks\n* Denial of service\n* Physical attacks against Palo Alto Software offices or employees\n* Issues found through automated testing\n* Any issues related to EmailCenterPro or found on any *.emailcenterpro.com site\n\nHow to report your findings?\n----------------------------\nPlease use our submission form at HackerOne.com/palo_alto_software to submit the vulnerability you’ve found. You may also email us at security@paloalto.com\n\nSafe Harbor\n-----------\nWe will not pursue a civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy.\n​\nIf legal action is initiated by a third party against you and you have complied with Palo Alto Software’s vulnerability disclosure policy, Palo Alto Software will take steps to make it known that your actions were conducted in compliance with this policy.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2020-02-20T21:42:51.786Z"},{"id":3626748,"new_policy":"Palo Alto Software Vulnerability Disclosure Policy\n==================================================\nWe take the security of our systems and our user’s data very seriously. If you believe you have found a security vulnerability in our systems we’d love to hear from you!\n\n\nProgram rules\n-------------\nYou must make every effort to avoid the following during your research:\n* privacy violations\n* degradation of user experience\n* disruption to production systems\n* destruction of data\n* You must keep information about any vulnerabilities you’ve discovered confidential between yourself and Palo Alto Software until we’ve had a 90 days to respond\n* You must follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).\n\nWe will do our part to respond as quickly as we’re able and to be as transparent as possible during the process. We appreciate your effort and want to make our applications as secure as possible.\n\nIf you sign up for any account on our systems (particularly for LivePlan or Outpost) specifically to test for security vulnerabilities, please use your wearehackerone.com email alias (https://docs.hackerone.com/hackers/hacker-email-alias.html) so we can exclude you from labor intensive sales follow-up and from our conversion metrics.\n\nProgram Scope\n-------------\nThe following websites and applications are in scope\n* www.paloalto.com\n* app.liveplan.com\n* app.outpost.co\n* api.outpost.co\n* www.outpost.co\n* www.liveplan.com\n* www.teamoutpost.com\n* www.bplans.com\n* www.mplans.com\n\nProgram Exclusions\n------------------\n* Social engineering or phishing attacks\n* Denial of service\n* Physical attacks against Palo Alto Software offices or employees\n* Issues found through automated testing\n* Any issues related to EmailCenterPro or found on any *.emailcenterpro.com site\n\nHow to report your findings?\n----------------------------\nPlease use our submission form at HackerOne.com/paloaltosoftware to submit the vulnerability you’ve found. You may also email us at security@paloalto.com\n\nSafe Harbor\n-----------\nWe will not pursue a civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy.\n​\nIf legal action is initiated by a third party against you and you have complied with Palo Alto Software’s vulnerability disclosure policy, Palo Alto Software will take steps to make it known that your actions were conducted in compliance with this policy.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2019-12-22T00:39:26.146Z"},{"id":3626747,"new_policy":"Palo Alto Software Vulnerability Disclosure Policy\n==================================================\nWe take the security of our systems and our user’s data very seriously. If you believe you have found a security vulnerability in our systems we’d love to hear from you!\n\n\nProgram rules\n-------------\nYou must make every effort to avoid the following during your research:\n* privacy violations\n* degradation of user experience\n* disruption to production systems\n* destruction of data\n* You must keep information about any vulnerabilities you’ve discovered confidential between yourself and Palo Alto Software until we’ve had a 90 days to respond\n* You must follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).\n\nWe will do our part to respond as quickly as we’re able and to be as transparent as possible during the process. We appreciate your effort and want to make our applications as secure as possible.\n\nIf you sign up for any account on our systems (particularly for LivePlan or Outpost) specifically to test for security vulnerabilities, please use your wearehackerone.com email alias (https://docs.hackerone.com/hackers/hacker-email-alias.html) so we can exclude you from labor intensive sales follow-up and from our conversion metrics.\n\nProgram Scope\n-------------\nThe following websites and applications are in scope\n* www.paloalto.com\n* *.liveplan.com\n* *.outpost.co\n* *.teamoutpost.com\n* the Outpost desktop application\n* the LivePlan desktop application\n* *.bplans.com\n* *.mplans.com\n\nProgram Exclusions\n------------------\n* Social engineering or phishing attacks\n* Denial of service\n* Physical attacks against Palo Alto Software offices or employees\n* Issues found through automated testing\n* Any issues related to EmailCenterPro or found on any *.emailcenterpro.com site\n\nHow to report your findings?\n----------------------------\nPlease use our submission form at HackerOne.com/paloaltosoftware to submit the vulnerability you’ve found. You may also email us at security@paloalto.com\n\nSafe Harbor\n-----------\nWe will not pursue a civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy.\n​\nIf legal action is initiated by a third party against you and you have complied with Palo Alto Software’s vulnerability disclosure policy, Palo Alto Software will take steps to make it known that your actions were conducted in compliance with this policy.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2019-12-22T00:37:09.443Z"},{"id":3626727,"new_policy":"Palo Alto Software Vulnerability Disclosure Policy\n==================================================\nWe take the security of our systems and our user’s data very seriously. If you believe you have found a security vulnerability in our systems we’d love to hear from you!\n\n\nProgram rules\n-------------\nYou must make every effort to avoid the following during your research:\n* privacy violations\n* degradation of user experience\n* disruption to production systems\n* destruction of data\n* You must keep information about any vulnerabilities you’ve discovered confidential between yourself and Palo Alto Software until we’ve had a 90 days to respond\n* You must follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).\n\nWe will do our part to respond as quickly as we’re able and to be as transparent as possible during the process. We appreciate your effort and want to make our applications as secure as possible.\n\nIf you sign up for any account on our systems (particularly for LivePlan or Outpost) specifically to test for security vulnerabilities, please use your wearehackerone.com email alias (https://docs.hackerone.com/hackers/hacker-email-alias.html) so we can exclude you from labor intensive sales follow-up and from our conversion metrics.\n\nProgram Scope\n-------------\nThe following websites and applications are in scope\n* *.paloalto.com (excluding win.paloalto.com and archived-support.paloalto.com)\n* *.liveplan.com\n* *.outpost.co\n* *.teamoutpost.com\n* the Outpost desktop application\n* the LivePlan desktop application\n* *.bplans.com\n* *.mplans.com\n\nProgram Exclusions\n------------------\n* Social engineering or phishing attacks\n* Denial of service\n* Physical attacks against Palo Alto Software offices or employees\n* Issues found through automated testing\n* Any issues related to EmailCenterPro or found on any *.emailcenterpro.com site\n\nHow to report your findings?\n----------------------------\nPlease use our submission form at HackerOne.com/paloaltosoftware to submit the vulnerability you’ve found. You may also email us at security@paloalto.com\n\nSafe Harbor\n-----------\nWe will not pursue a civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy.\n​\nIf legal action is initiated by a third party against you and you have complied with Palo Alto Software’s vulnerability disclosure policy, Palo Alto Software will take steps to make it known that your actions were conducted in compliance with this policy.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2019-12-21T16:14:14.283Z"},{"id":3626676,"new_policy":"Palo Alto Software Vulnerability Disclosure Policy\n==================================================\nWe take the security of our systems and our user’s data very seriously. If you believe you have found a security vulnerability in our systems we’d love to hear from you!\n\n\nProgram rules\n-------------\nYou must make every effort to avoid the following during your research:\n* privacy violations\n* degradation of user experience\n* disruption to production systems\n* destruction of data\n* You must keep information about any vulnerabilities you’ve discovered confidential between yourself and Palo Alto Software until we’ve had a 90 days to respond\n* You must follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).\n\nWe will do our part to respond as quickly as we’re able and to be as transparent as possible during the process. We appreciate your effort and want to make our applications as secure as possible.\n\nIf you sign up for any account on our systems (particularly for LivePlan or Outpost) specifically to test for security vulnerabilities, please use your wearehackerone.com email alias (https://docs.hackerone.com/hackers/hacker-email-alias.html) so we can exclude you from labor intensive sales follow-up and from our conversion metrics.\n\nProgram Scope\n-------------\nThe following websites and applications are in scope\n* *.paloalto.com\n* *.liveplan.com\n* *.outpost.co\n* *.teamoutpost.com\n* the Outpost desktop application\n* the LivePlan desktop application\n* *.bplans.com\n* *.mplans.com\n\nProgram Exclusions\n------------------\n* Social engineering or phishing attacks\n* Denial of service\n* Physical attacks against Palo Alto Software offices or employees\n* Issues found through automated testing\n* Any issues related to EmailCenterPro or found on any *.emailcenterpro.com site\n\nHow to report your findings?\n----------------------------\nPlease use our submission form at HackerOne.com/paloaltosoftware to submit the vulnerability you’ve found. You may also email us at security@paloalto.com\n\nSafe Harbor\n-----------\nWe will not pursue a civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy.\n​\nIf legal action is initiated by a third party against you and you have complied with Palo Alto Software’s vulnerability disclosure policy, Palo Alto Software will take steps to make it known that your actions were conducted in compliance with this policy.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2019-12-20T21:52:04.397Z"},{"id":3626631,"new_policy":"Palo Alto Software Vulnerability Disclosure Policy\n==================================================\nWe take the security of our systems and our user’s data very seriously. If you believe you have found a security vulnerability in our systems we’d love to hear from you!\n\n\nProgram rules\n-------------\nYou must make every effort to avoid the following during your research:\n* privacy violations\n* degradation of user experience\n* disruption to production systems\n* destruction of data\n* You must keep information about any vulnerabilities you’ve discovered confidential between yourself and Palo Alto Software until we’ve had a 90 days to respond\n* You must follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).\n\nWe will do our part to respond as quickly as we’re able and to be as transparent as possible during the process. We appreciate your effort and want to make our applications as secure as possible.\n\n\nProgram Scope\n-------------\nThe following websites and applications are in scope\n* *.paloalto.com\n* *.liveplan.com\n* *.outpost.co\n* *.teamoutpost.com\n* the Outpost desktop application\n* the LivePlan desktop application\n* *.bplans.com\n* *.mplans.com\n\nProgram Exclusions\n------------------\n* Social engineering or phishing attacks\n* Denial of service\n* Physical attacks against Palo Alto Software offices or employees\n* Issues found through automated testing\n* Any issues related to EmailCenterPro or found on any *.emailcenterpro.com site\n\nHow to report your findings?\n----------------------------\nPlease use our submission form at HackerOne.com/paloaltosoftware to submit the vulnerability you’ve found. You may also email us at security@paloalto.com\n\nSafe Harbor\n-----------\nWe will not pursue a civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy.\n​\nIf legal action is initiated by a third party against you and you have complied with Palo Alto Software’s vulnerability disclosure policy, Palo Alto Software will take steps to make it known that your actions were conducted in compliance with this policy.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2019-12-20T15:43:08.203Z"}]