Vulnerability Disclosure Program
At Looka, we take the security of our platform and our users’ data very seriously. We welcome and encourage security researchers to report any vulnerabilities they may find in our web application, so that we can quickly address them and keep our platform safe and secure.
Scope:
The program applies to all Looka web application assets and services.
Eligibility:
We appreciate all vulnerability reports that are submitted to us in good faith. We will review each submission on a case-by-case basis, but generally, the following criteria must be met for the vulnerability to be considered eligible for a reward or recognition:
1. The vulnerability must be previously unknown and not publicly disclosed
2. The vulnerability must affect the confidentiality, integrity, or availability of our web application or user data
3. The vulnerability must be reproducible
4. The vulnerability must be reported to us in a responsible and ethical manner, without exploiting it for any personal gain or harm
How to report a vulnerability:
If you believe you have found a vulnerability in Looka’s web application, please submit a report to us via email at vdp@looka.com. Please include the following information in your report:
1. Detailed steps to reproduce the vulnerability
2. The impact of the vulnerability
3. Any technical details or proof of concept code that could be helpful in reproducing the issue
4. Your name or pseudonym (if you wish to remain anonymous)
Please do not publicly disclose the vulnerability until it has been resolved and you have received permission to do so from Looka’s security team.
Rewards:
We appreciate the time and effort it takes to find and report security vulnerabilities, and we want to thank security researchers for their contributions. We may offer rewards for eligible vulnerability reports at our discretion. Rewards may include monetary compensation or recognition on our website.
Response:
Once we receive your vulnerability report, we will acknowledge it within 7-10 business days. Our security team will review the report and determine its validity and severity. We will keep you informed of the status of the report and our progress in addressing the vulnerability. We aim to resolve all reports as quickly as possible, and we appreciate your patience as we work to address any issues.
Legal:
We will not take legal action against individuals who submit vulnerability reports to us in good faith.
Hall of Fame
Looka thanks the following individuals who have helped improve the security of our systems, data and ICT resources by reporting vulnerabilities. We are very grateful for your hard work.
- Suraj Gupta x 8 | LinkedIn
- Priyanshu Parmar x 4 | LinkedIn
- Md Sojib Islam Nirob x 3 | Facebook
- Sanjay Lakhara x 3 | LinkedIn
- Muhammad Shayan x 3 | LinkedIn
- Shane Bostick x 3 | LinkedIn
- Durvesh Kolhe x 2 | LinkedIn
- Mangesh Muley x 2 | LinkedIn
- Fabian Mucke
- Charly Juegos | LinkedIn
- Mikael Santos | LinkedIn
- Andrea Bocchetti | LinkedIn
- Manav | LinkedIn
- Somnath Guli (Ryan) | LinkedIn
- Tim Brendon | Website
- Himanshu Sondhi
- Syed Hanzalah (GhostBlade) | LinkedIn
- Kunal Mhaske | LinkedIn
- Tirth A Patel | LinkedIn
- Dipendranath Tarafder | X
- Mohamed Usman | LinkedIn
- Tushar Bhosale | LinkedIn
- Prathamesh B Vilayatkar | LinkedIn
- Paranjay Singh | LinkedIn
- Nikhil Chaudhari | LinkedIn
- Mukul Goyal | X
- Aajinath Kanhere | LinkedIn
- Parmeshwar Dattu Kanhere | LinkedIn
- Aman Verma | LinkedIn
- Irwan | LinkedIn
- Ayush Aggarwal | LinkedIn
- Vaibhav Survase
- Tejas Mane | LinkedIn
- Mehedi Hasan (SecMiners BD) | Facebook
- Luka Zimonjic | LinkedIn
- Mohit Kumar | LinkedIn
- Amin Bunyatov | LinkedIn
- Parth Narula | Website
- Ravi Sunkara | LinkedIn
- Pranav K | LinkedIn
- Aniket Kamboj | LinkedIn
- Shubham Sharma | LinkedIn
- Sahaj Gautam | LinkedIn
- Ayush Kumar | LinkedIn
- Faizan Ahmed | LinkedIn
- Foysal Ahmed | X