LEGAL

Responsible Disclosure

Last modified: Mar 24, 2023
privacy-security

Found a security flaw? 

Hive Streaming takes the security of our system seriously and constantly strives to deliver high-quality services in a secure manner. Protecting our customers’ data is our number one priority. We genuinely value security researchers and the security community to assist in keeping our systems secure. Together we can make things better and find ways to solve challenges. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our users. If you have discovered a security flaw, we encourage you to contact us and would like to hear about it to address it as soon as possible. Together we can accomplish goals through collaboration, communication, and accountability. 

How to contact us? 

You can start the process by sending an email to our security team and make sure to include the type, impact, description, and location of the vulnerability and a detailed description of the steps required to reproduce the vulnerability. We will do our best to respond to you within 72 hours to confirm that we have received your report, and keep you updated while we process the issue. 

Guidelines 

Please keep information about any vulnerability you’ve discovered confidential between yourself and Hive Streaming until we have had at least 60 days to review and resolve the issue. It is important to note that the timeframe for us to review and resolve an issue may vary based upon several factors, including the complexity of the vulnerability, the risk that the vulnerability may pose, among others. Please keep in mind to make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, brute force attacks, denial of services, and destruction of data during security testing. Always keep in mind not to engage in social engineering or phishing of our employees. Hive Streaming employees or employees of Hive Streaming partners are not eligible for participation. 

Scope 

The scope of the bug bounty is related to the technical components that make up the Hive Streaming products. Specifically focused only on systems that Hive Streaming develops including our desktop agent, browser plugins, and the backend services used by the desktop agent and plugins. 

Common vulnerabilities and exposures that are already known to Hive Streaming are not included within the scope of the bug bounty program. 

Reward 

Each report will be evaluated case by case, and the Hive Streaming Security Team will decide regards to any reward.