[{"id":3541691,"new_policy":"# Veris Program has been closed temporarily\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2016-11-13T18:26:30.712Z"},{"id":2774486,"new_policy":"Veris helps you create a secure identity that's always on your mobile and can be instantly validated anywhere in the world.\nAt Veris we are creating a whole new way for you to manage your identity. No more log books and tapping details on touch screens. No more ID proofs and business cards, photographs or printed badges. No verification calls to hosts inside.\nWe take security seriously at Veris, and we’re committed to protecting our community. If you are a security researcher or expert, and believe you’ve identified security-related issues with Veris apps, we would appreciate you disclosing it to us responsibly.\n\nOur team is committed to addressing all security issues in a responsible and timely manner, and we ask the security community to give us the opportunity to do so before disclosing them publicly. Please submit a detailed description of the issue to us, along with the steps to reproduce it. We trust the security community to make every effort to protect our users’ data and privacy.\n\n##Disclosure Policy\n\nLet us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\nProvide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\nMake a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.\n\nAlso, We would appreciate if our researchers confirm with us before requesting public disclosure of a report.\n\n##Scope\n\nThe scope of issues is limited to technical vulnerabilities in the \n- Veris View Portal\n- Veris Terminal apps \n- Veris mobile apps. \nPlease do not attempt to compromise the safety or privacy of our users (so please use test accounts), or the availability of Veris through DoS attacks or spam. We also request you not to use vulnerability testing tools that generate a significant volume of traffic.\n\n##Domains under the Scope\n- sandbox.veris.in\n- https://www.veris.in/hackerone-sandbox-apps-download/ ( mobile apps for sandbox )\n\n##Bounty Program\n\nSince we are a `bootstrapped start-up`, we do not currently have a monetary bug bounty program, but any report that results in a change will at minimum receive Hall of Fame recognition. We would also be more than happy to provide a certificate of acknowledgement and appreciation.\n\n\n##Non-qualifying vulnerabilities\n\nAlthough we review every reported issue on a case-by-case basis, some of them may not qualify depending on their impact. Here are some common low-risk issues that typically do not qualify:\n\n- Vulnerabilities already reported before are not eligible for rewards\n- Attacks requiring physical access to a user's device\n- Invalid or missing SPF (Sender Policy Framework) records\n- Issues related to software or protocols not under Veris's control\n- Reports of spam\n- Vulnerabilities only affecting users of outdated or unpatched browsers and platforms\n- Any physical attempts against Veris property or data centers\n- Issues without clearly identified security impact, such as clickjacking on a static website, missing security headers, or descriptive error messages\n- Wordpress hosted on, www.veris.in \u0026 any XSS on WP\n\n##Important Instructions to Onboard the Veris Platform\n\nPlease use the links below to register for the Veris View Portal\n\nAlso, use the links below to download the Veris User App for Android and Veris for Frontdesk App for Android. iOS apps will be served soon.\n\nThe API documentation of Veris User application can be accessed from our APIary page. Please find the link below.\n\n##Open API list/ SDK (initial draft)\n\nhttp://docs.veris.apiary.io\n\nAlso note that  the current testing and research is on a Sandbox Server which is not the Production environment. All reports received are acted upon simultaneously for both the servers. Sandbox and Production environment are exact replicas.\n\n##We do not appreciate testing or obtaining accounts on the `live.veris.in` domain for the reason that its not ready yet. Please note the same and co-operate with us.\n \nThank you for helping keep Veris safe for the community!\n\nAnnouncements\n===\n# Friday, May 13, 2016\n- List of Security Researchers, keeping the Veris safe, would soon be displayed on our website.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2016-05-17T09:37:13.040Z"},{"id":2757563,"new_policy":"Veris helps you create a secure identity that's always on your mobile and can be instantly validated anywhere in the world.\nAt Veris we are creating a whole new way for you to manage your identity. No more log books and tapping details on touch screens. No more ID proofs and business cards, photographs or printed badges. No verification calls to hosts inside.\nWe take security seriously at Veris, and we’re committed to protecting our community. If you are a security researcher or expert, and believe you’ve identified security-related issues with Veris apps, we would appreciate you disclosing it to us responsibly.\n\nOur team is committed to addressing all security issues in a responsible and timely manner, and we ask the security community to give us the opportunity to do so before disclosing them publicly. Please submit a detailed description of the issue to us, along with the steps to reproduce it. We trust the security community to make every effort to protect our users’ data and privacy.\n\n##Disclosure Policy\n\nLet us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\nProvide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\nMake a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.\n\nAlso, We would appreciate if our researchers confirm with us before requesting public disclosure of a report.\n\n##Scope\n\nThe scope of issues is limited to technical vulnerabilities in the \n- Veris View Portal\n- Veris Terminal apps \n- Veris mobile apps. \nPlease do not attempt to compromise the safety or privacy of our users (so please use test accounts), or the availability of Veris through DoS attacks or spam. We also request you not to use vulnerability testing tools that generate a significant volume of traffic.\n\n##Domains under the Scope\n- sandbox.veris.in\n- https://www.veris.in/hackerone-sandbox-apps-download/ ( mobile apps for sandbox )\n\n##Bounty Program\n\nSince we are a `bootstrapped start-up`, we do not currently have a monetary bug bounty program, but any report that results in a change will at minimum receive Hall of Fame recognition. We would also be more than happy to provide a certificate of acknowledgement and appreciation.\n\n\n##Non-qualifying vulnerabilities\n\nAlthough we review every reported issue on a case-by-case basis, some of them may not qualify depending on their impact. Here are some common low-risk issues that typically do not qualify:\n\n- Vulnerabilities already reported before are not eligible for rewards\n- Attacks requiring physical access to a user's device\n- Invalid or missing SPF (Sender Policy Framework) records\n- Issues related to software or protocols not under Veris's control\n- Reports of spam\n- Vulnerabilities only affecting users of outdated or unpatched browsers and platforms\n- Any physical attempts against Veris property or data centers\n- Issues without clearly identified security impact, such as clickjacking on a static website, missing security headers, or descriptive error messages\n- Wordpress hosted on, www.veris.in \u0026 any XSS on WP\n\n##Important Instructions to Onboard the Veris Platform\n\nPlease use the links below to register for the Veris View Portal\n\nAlso, use the links below to download the Veris User App for Android and Veris for Frontdesk App for Android. iOS apps will be served soon.\n\nThe API documentation of Veris User application can be accessed from our APIary page. Please find the link below.\n\n##Open API list/ SDK (initial draft)\n\nhttp://docs.veris.apiary.io\n\nAlso note that  the current testing and research is on a Sandbox Server which is not the Production environment. All reports received are acted upon simultaneously for both the servers. Sandbox and Production environment are exact replicas.\n\n##We do not appreciate testing or obtaining accounts on the `live.veris.in` domain for the reason that its not ready yet. Please note the same and co-operate with us.\n \nThank you for helping keep Veris safe for the community!\n\nAnnouncements\n===\n# Friday, May 13, 2016\n- List of Hackers, keeping the Veris safe, would soon be displayed on our website.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2016-05-13T06:00:02.914Z"},{"id":2754731,"new_policy":"Veris helps you create a secure identity that's always on your mobile and can be instantly validated anywhere in the world.\nAt Veris we are creating a whole new way for you to manage your identity. No more log books and tapping details on touch screens. No more ID proofs and business cards, photographs or printed badges. No verification calls to hosts inside.\nWe take security seriously at Veris, and we’re committed to protecting our community. If you are a security researcher or expert, and believe you’ve identified security-related issues with Veris’s website or apps, we would appreciate you disclosing it to us responsibly.\n\nOur team is committed to addressing all security issues in a responsible and timely manner, and we ask the security community to give us the opportunity to do so before disclosing them publicly. Please submit a detailed description of the issue to us, along with the steps to reproduce it. We trust the security community to make every effort to protect our users’ data and privacy.\n\n##Disclosure Policy\n\nLet us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\nProvide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\nMake a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.\n\nAlso, We would appreciate if our researchers confirm with us before requesting public disclosure of a report.\n\n##Scope\n\nThe scope of issues is limited to technical vulnerabilities in the Veris website, Veris View Portal, Veris Terminal apps and Veris mobile apps. Please do not attempt to compromise the safety or privacy of our users (so please use test accounts), or the availability of Veris through DoS attacks or spam. We also request you not to use vulnerability testing tools that generate a significant volume of traffic.\n\n##Bounty Program\n\nSince we are a bootstrapped start-up, we do not currently have a monetary bug bounty program, but any report that results in a change will at minimum receive Hall of Fame recognition. We would also be more than happy to provide a certificate of acknowledgement and appreciation.\n\n\n##Non-qualifying vulnerabilities\n\nAlthough we review every reported issue on a case-by-case basis, some of them may not qualify depending on their impact. Here are some common low-risk issues that typically do not qualify:\n\n-Vulnerabilities already reported before are not eligible for rewards\n-Attacks requiring physical access to a user's device\n-Invalid or missing SPF (Sender Policy Framework) records\n-Issues related to software or protocols not under Veris's control\n-Reports of spam\n-Vulnerabilities only affecting users of outdated or unpatched browsers and platforms\n-Any physical attempts against Veris property or data centers\n-Issues without clearly identified security impact, such as clickjacking on a static website, missing security headers, or descriptive error messages\n- Wordpress hosted on, www.veris.in \u0026 any XSS on WP\n\nThank you for helping keep Veris safe for the community!\n\n##Important Instructions to Onboard the Veris Platform\n\nPlease use the links below to register for the Veris View Portal\n\nAlso, use the links below to download the Veris User App for Android and Veris for Frontdesk App for Android. iOS apps will be served soon.\n\nThe API documentation of Veris User application can be accessed from our APIary page. Please find the link below.\n\n##Open API list/ SDK (initial draft)\n\nhttp://docs.veris.apiary.io\n\n##Considered Scope\n- sandbox.veris.in\n- https://www.veris.in/hackerone-sandbox-apps-download/ ( mobile apps for sandbox )\n\nAlso note that  the current testing and research is on a Sandbox Server which is not the Production environment. All reports received are acted upon simultaneously for both the servers. Sandbox and Production environment are exact replicas.\n\n##We do not appreciate testing or obtaining accounts on the `live.veris.in` domain for the reason that its not ready yet. Please note the same and co-operate with us.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2016-05-12T18:57:38.942Z"},{"id":2581998,"new_policy":"Veris helps you create a secure identity that's always on your mobile and can be instantly validated anywhere in the world.\nAt Veris we are creating a whole new way for you to manage your identity. No more log books and tapping details on touch screens. No more ID proofs and business cards, photographs or printed badges. No verification calls to hosts inside.\nWe take security seriously at Veris, and we’re committed to protecting our community. If you are a security researcher or expert, and believe you’ve identified security-related issues with Veris’s website or apps, we would appreciate you disclosing it to us responsibly.\n\nOur team is committed to addressing all security issues in a responsible and timely manner, and we ask the security community to give us the opportunity to do so before disclosing them publicly. Please submit a detailed description of the issue to us, along with the steps to reproduce it. We trust the security community to make every effort to protect our users’ data and privacy.\n\n##Disclosure Policy\n\nLet us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\nProvide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\nMake a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.\n\nAlso, We would appreciate if our researchers confirm with us before requesting public disclosure of a report.\n\n##Scope\n\nThe scope of issues is limited to technical vulnerabilities in the Veris website, Veris View Portal, Veris Terminal apps and Veris mobile apps. Please do not attempt to compromise the safety or privacy of our users (so please use test accounts), or the availability of Veris through DoS attacks or spam. We also request you not to use vulnerability testing tools that generate a significant volume of traffic.\n\n##Bounty Program\n\nSince we are a bootstrapped start-up, we do not currently have a monetary bug bounty program, but any report that results in a change will at minimum receive Hall of Fame recognition. We would also be more than happy to provide a certificate of acknowledgement and appreciation.\n\n\n##Non-qualifying vulnerabilities\n\nAlthough we review every reported issue on a case-by-case basis, some of them may not qualify depending on their impact. Here are some common low-risk issues that typically do not qualify:\n\n-Vulnerabilities already reported before are not eligible for rewards\n-Attacks requiring physical access to a user's device\n-Invalid or missing SPF (Sender Policy Framework) records\n-Issues related to software or protocols not under Veris's control\n-Reports of spam\n-Vulnerabilities only affecting users of outdated or unpatched browsers and platforms\n-Any physical attempts against Veris property or data centers\n-Issues without clearly identified security impact, such as clickjacking on a static website, missing security headers, or descriptive error messages\n\nThank you for helping keep Veris safe for the community!\n\n##Important Instructions to Onboard the Veris Platform\n\nPlease use the links below to register for the Veris View Portal\nAlso, use the links below to download the Veris User App for Android and Veris for Frontdesk App for Android. iOS apps will be served soon.\nThe API documentation of Veris User application can be accessed from our APIary page. Please find the link below.\n\nAlso note that  the current testing and research is on a Sandbox Server which is not the Production environment. All reports received are acted upon simultaneously for both the servers. Sandbox and Production environment are exact replicas.\n##We do not appreciate testing or obtaining accounts on the live.veris.in domain for the reason that its not ready yet. Please note the same and co-operate with us.\n\n##Open API list/ SDK (initial draft)\n\nhttp://docs.veris.apiary.io\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2016-05-02T14:53:07.336Z"},{"id":2581962,"new_policy":"Veris helps you create a secure identity that's always on your mobile and can be instantly validated anywhere in the world.\nAt Veris we are creating a whole new way for you to manage your identity. No more log books and tapping details on touch screens. No more ID proofs and business cards, photographs or printed badges. No verification calls to hosts inside.\nWe take security seriously at Veris, and we’re committed to protecting our community. If you are a security researcher or expert, and believe you’ve identified security-related issues with Veris’s website or apps, we would appreciate you disclosing it to us responsibly.\n\nOur team is committed to addressing all security issues in a responsible and timely manner, and we ask the security community to give us the opportunity to do so before disclosing them publicly. Please submit a detailed description of the issue to us, along with the steps to reproduce it. We trust the security community to make every effort to protect our users’ data and privacy.\n\n##Disclosure Policy\n\nLet us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\nProvide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\nMake a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.\n\n##Scope\n\nThe scope of issues is limited to technical vulnerabilities in the Veris website, Veris View Portal, Veris Terminal apps and Veris mobile apps. Please do not attempt to compromise the safety or privacy of our users (so please use test accounts), or the availability of Veris through DoS attacks or spam. We also request you not to use vulnerability testing tools that generate a significant volume of traffic.\n\n##Bounty Program\n\nSince we are a bootstrapped start-up, we do not currently have a monetary bug bounty program, but any report that results in a change will at minimum receive Hall of Fame recognition. We would also be more than happy to provide a certificate of acknowledgement and appreciation.\n\nAlso, We would appreciate if our researchers confirm with us before requesting disclosure of a report.\n\n##Non-qualifying vulnerabilities\n\nAlthough we review every reported issue on a case-by-case basis, some of them may not qualify depending on their impact. Here are some common low-risk issues that typically do not qualify:\n\n-Vulnerabilities already reported before are not eligible for rewards\n-Attacks requiring physical access to a user's device\n-Invalid or missing SPF (Sender Policy Framework) records\n-Issues related to software or protocols not under Veris's control\n-Reports of spam\n-Vulnerabilities only affecting users of outdated or unpatched browsers and platforms\n-Any physical attempts against Veris property or data centers\n-Issues without clearly identified security impact, such as clickjacking on a static website, missing security headers, or descriptive error messages\n\nThank you for helping keep Veris safe for the community!\n\n##Important Instructions to Onboard the Veris Platform\n\nPlease use the links below to register for the Veris View Portal\nAlso, use the links below to download the Veris User App for Android and Veris for Frontdesk App for Android. iOS apps will be served soon.\nThe API documentation of Veris User application can be accessed from our APIary page. Please find the link below.\n\nAlso note that  the current testing and research is on a Sandbox Server which is not the Production environment. All reports received are acted upon simultaneously for both the servers. Sandbox and Production environment are exact replicas.\n##We do not appreciate testing or obtaining accounts on the live.veris.in domain for the reason that its not ready yet. Please note the same and co-operate with us.\n\n##Open API list/ SDK (initial draft)\n\nhttp://docs.veris.apiary.io\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2016-05-02T14:52:15.327Z"},{"id":2362288,"new_policy":"Veris helps you create a secure identity that's always on your mobile and can be instantly validated anywhere in the world.\nAt Veris we are creating a whole new way for you to manage your identity. No more log books and tapping details on touch screens. No more ID proofs and business cards, photographs or printed badges. No verification calls to hosts inside.\nWe take security seriously at Veris, and we’re committed to protecting our community. If you are a security researcher or expert, and believe you’ve identified security-related issues with Veris’s website or apps, we would appreciate you disclosing it to us responsibly.\n\nOur team is committed to addressing all security issues in a responsible and timely manner, and we ask the security community to give us the opportunity to do so before disclosing them publicly. Please submit a detailed description of the issue to us, along with the steps to reproduce it. We trust the security community to make every effort to protect our users’ data and privacy.\n\n##Disclosure Policy\n\nLet us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\nProvide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\nMake a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.\n\n##Scope\n\nThe scope of issues is limited to technical vulnerabilities in the Veris website, Veris View Portal, Veris Terminal apps and Veris mobile apps. Please do not attempt to compromise the safety or privacy of our users (so please use test accounts), or the availability of Veris through DoS attacks or spam. We also request you not to use vulnerability testing tools that generate a significant volume of traffic.\n\n##Bounty Program\n\nSince we are a bootstrapped start-up, we do not currently have a monetary bug bounty program, but any report that results in a change will at minimum receive Hall of Fame recognition. We would also be more than happy to provide a certificate of acknowledgement and appreciation.\n\n##Non-qualifying vulnerabilities\n\nAlthough we review every reported issue on a case-by-case basis, some of them may not qualify depending on their impact. Here are some common low-risk issues that typically do not qualify:\n\n-Vulnerabilities already reported before are not eligible for rewards\n-Attacks requiring physical access to a user's device\n-Invalid or missing SPF (Sender Policy Framework) records\n-Issues related to software or protocols not under Veris's control\n-Reports of spam\n-Vulnerabilities only affecting users of outdated or unpatched browsers and platforms\n-Any physical attempts against Veris property or data centers\n-Issues without clearly identified security impact, such as clickjacking on a static website, missing security headers, or descriptive error messages\n\nThank you for helping keep Veris safe for the community!\n\n##Important Instructions to Onboard the Veris Platform\n\nPlease use the links below to register for the Veris View Portal\nAlso, use the links below to download the Veris User App for Android and Veris for Frontdesk App for Android. iOS apps will be served soon.\nThe API documentation of Veris User application can be accessed from our APIary page. Please find the link below.\n\nAlso note that  the current testing and research is on a Sandbox Server which is not the Production environment. All reports received are acted upon simultaneously for both the servers. Sandbox and Production environment are exact replicas.\n##We do not appreciate testing or obtaining accounts on the live.veris.in domain for the reason that its not ready yet. Please note the same and co-operate with us.\n\n##Open API list/ SDK (initial draft)\n\nhttp://docs.veris.apiary.io\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2016-03-17T09:49:01.426Z"},{"id":2353185,"new_policy":"Veris helps you create a secure identity that's always on your mobile and can be instantly validated anywhere in the world.\nAt Veris we are creating a whole new way for you to manage your identity. No more log books and tapping details on touch screens. No more ID proofs and business cards, photographs or printed badges. No verification calls to hosts inside.\nWe take security seriously at Veris, and we’re committed to protecting our community. If you are a security researcher or expert, and believe you’ve identified security-related issues with Veris’s website or apps, we would appreciate you disclosing it to us responsibly.\n\nOur team is committed to addressing all security issues in a responsible and timely manner, and we ask the security community to give us the opportunity to do so before disclosing them publicly. Please submit a detailed description of the issue to us, along with the steps to reproduce it. We trust the security community to make every effort to protect our users’ data and privacy.\n\n##Disclosure Policy\n\nLet us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\nProvide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\nMake a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.\n\n##Scope\n\nThe scope of issues is limited to technical vulnerabilities in the Veris website, Veris View Portal, Veris Terminal apps and Veris mobile apps. Please do not attempt to compromise the safety or privacy of our users (so please use test accounts), or the availability of Veris through DoS attacks or spam. We also request you not to use vulnerability testing tools that generate a significant volume of traffic.\n\n##Bounty Program\n\nSince we are a bootstrapped start-up, we do not currently have a monetary bug bounty program, but any report that results in a change will at minimum receive Hall of Fame recognition. We would also be more than happy to provide a certificate of acknowledgement and appreciation.\n\n##Non-qualifying vulnerabilities\n\nAlthough we review every reported issue on a case-by-case basis, some of them may not qualify depending on their impact. Here are some common low-risk issues that typically do not qualify:\n\n-Vulnerabilities already reported before are not eligible for rewards\n-Attacks requiring physical access to a user's device\n-Invalid or missing SPF (Sender Policy Framework) records\n-Issues related to software or protocols not under Veris's control\n-Reports of spam\n-Vulnerabilities only affecting users of outdated or unpatched browsers and platforms\n-Any physical attempts against Veris property or data centers\n-Issues without clearly identified security impact, such as clickjacking on a static website, missing security headers, or descriptive error messages\n\nThank you for helping keep Veris safe for the community!\n\n##Important Instructions to Onboard the Veris Platform\n\nPlease use the links below to register for the Veris View Portal\nAlso, use the links below to download the Veris User App for Android and Veris for Frontdesk App for Android. iOS apps will be served soon.\nThe API documentation of Veris User application can be accessed from our APIary page. Please find the link below.\n\nAlso note that  the current testing and research is on a Sandbox Server which is not the Production environment. All reports received are acted upon simultaneously for both the servers. Sandbox and Production environment are exact replicas.\n\n##Open API list/ SDK (initial draft)\n\nhttp://docs.veris.apiary.io\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2016-03-15T16:02:19.657Z"},{"id":2350541,"new_policy":"Veris helps you create a secure identity that's always on your mobile and can be instantly validated anywhere in the world.\nAt Veris we are creating a whole new way for you to manage your identity. No more log books and tapping details on touch screens. No more ID proofs and business cards, photographs or printed badges. No verification calls to hosts inside.\nWe take security seriously at Veris, and we’re committed to protecting our community. If you are a security researcher or expert, and believe you’ve identified security-related issues with Veris’s website or apps, we would appreciate you disclosing it to us responsibly.\n\nOur team is committed to addressing all security issues in a responsible and timely manner, and we ask the security community to give us the opportunity to do so before disclosing them publicly. Please submit a detailed description of the issue to us, along with the steps to reproduce it. We trust the security community to make every effort to protect our users’ data and privacy.\n\n##Disclosure Policy\n\nLet us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\nProvide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\nMake a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.\n\n##Scope\n\nThe scope of issues is limited to technical vulnerabilities in the Veris website, Veris View Portal, Veris Terminal apps and Veris mobile apps. Please do not attempt to compromise the safety or privacy of our users (so please use test accounts), or the availability of Veris through DoS attacks or spam. We also request you not to use vulnerability testing tools that generate a significant volume of traffic.\n\n##Bounty Program\n\nSince we are a bootstrapped start-up, we do not currently have a monetary bug bounty program, but any report that results in a change will at minimum receive Hall of Fame recognition. We would also be more than happy to provide a certificate of acknowledgement and appreciation.\n\n##Non-qualifying vulnerabilities\n\nAlthough we review every reported issue on a case-by-case basis, some of them may not qualify depending on their impact. Here are some common low-risk issues that typically do not qualify:\n\n-Vulnerabilities already reported before are not eligible for rewards\n-Attacks requiring physical access to a user's device\n-Invalid or missing SPF (Sender Policy Framework) records\n-Issues related to software or protocols not under Veris's control\n-Reports of spam\n-Vulnerabilities only affecting users of outdated or unpatched browsers and platforms\n-Any physical attempts against Veris property or data centers\n-Issues without clearly identified security impact, such as clickjacking on a static website, missing security headers, or descriptive error messages\n\nThank you for helping keep Veris safe for the community!\n\n##Important Instructions to Onboard the Veris Platform\n\nPlease use the links below to register for the Veris View Portal\nAlso, use the links below to download the Veris User App for Android and Veris for Frontdesk App for Android. iOS apps will be served soon.\nThe API documentation of Veris User application can be accessed from our APIary page. Please find the link below.\n\nAlso note that  the current testing and research is on a Sandbox Server which is not the Production environment. All reports received are acted upon simultaneously for both the servers. Sandbox and Production environment are exact replicas.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2016-03-15T05:15:56.387Z"}]