Security


The security and privacy of our customers are pivotal principles as we design products at Glance. Our developers strive to write secure code, and we take utmost care to ensure that our digital assets are protected. We realize that there is no silver bullet when it comes to security, and there are times when security bugs sneak through despite our best efforts. We welcome working with the security community at large to resolve any security issues promptly.


Reporting a security issue


We would like to foster a culture of collaboration to achieve better security and make the internet a better place. If you believe that you have found a security issue in our product or service that can adversely impact Glance Group’s digital assets, or you have a suggestion to improve our security, please contact our security team at secops@glance.com. Our security team will get in touch and work with you to understand your research, quantify it as per CVSS 3.0 and recognise it as per our awards program.


Our Expectation

Our promise to you

Services in scope

  1. *.glance.com
  2. *.glance.app
  3. *.glance.world
  4. *.glance.inmobi.com
  5. *.roposo.com
  6. *.koralapp.com


Exclusions: All Glance Group employees, contract staff and its affiliates.


Rewards Philosophy:


Rewards are proportional to the severity of the vulnerability, asset value and overall impact. Glance’s security team performs this evaluation, keeping CVSS 3.0 as a benchmark for the overall quantification. There could be instances where cash rewards vary for the same type of vulnerability because of differing asset values and overall impact. In exceptional cases, where a vulnerability is unique and complex, the security researcher may be paid more than the Rewards Grid (mentioned below). Glance retains discretion over the rewards program and reserves the right to change it without any public notice. Vulnerabilities in scope of the bug bounty program are as follows:


Critical Vulnerabilities


High Vulnerabilities

Medium

Low


Rewards Grid:

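| Category as per CVSS 3.0 | Reward    | Certificate of appreciation | Hall of fame |
|--------------------------|-----------|-----------------------------|--------------|
| Critical                 | $300-$500 | Yes                         | Yes          |
| High                     | $200-$300 | Yes                         | Yes          |
| Medium                   | NA        | Yes                         | Yes          |
| Low                      | NA        | Yes                         | NA           |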



Out of scope vulnerabilities*:


The categories of vulnerabilities below are excluded from the rewards.

1) General

2) System related

3) CSRF

4) Login/Session related

5) Known Issues


Responsible Disclosure


At Glance, we believe that with great knowledge comes great responsibility. We expect that you will let us know as soon as possible upon discovery of a potential security issue, give us reasonable lead time to respond to your report before making any information public, and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research. You will only interact with accounts you own or with the explicit permission of the account holder. We will reciprocate the gesture by working with you to mitigate the issue to the satisfaction of both parties. We would prefer that interested researchers coordinate their efforts with our security team so that we can avoid any untoward incidents that could affect the confidentiality, integrity or availability of Glance Group’s digital assets.


**Appendix A


We classify malicious activities as follows.

All attempts to cause harm to Glance Group digital assets and data and that do not follow responsible disclosure will be pursued legally to the full extent permitted by law.



Hall of Fame - Coming soon