Responsible disclosure program
Program overview
While we make every effort to make sure our platform is as robust as possible, we know systems can behave in very unexpected ways in the real world. If you find a vulnerability in Poll Everywhere or its related presentation applications, let us know through our response program.
Vulnerability response
We accept all critical and high severity reports when evaluated against the Common Vulnerability Scoring System (CVSS), version 3.1. A web calculator is available to help determine if a vulnerability is in scope for submission. Items on the vulnerability rating taxonomy are in scope if they live in the P1 and P2 categories. Items that are placed in P3, P4, and P5 are not in scope.
We may award a small "finder's fee" for issues reported through this process. However, no reward is guaranteed. Rewards are based on the severity of the issue as judged by our analysts.
Bug bounty program
In addition to this response program, we operate a private bug bounty program with a different scope.
This page will be updated when we're ready to invite additional testers.