While we try to be proactive in preventing security problems, we do not assume they’ll never come up.
It is standard practice to responsibly and privately disclose a security problem to the vendor, i.e. the ERPU Technologies core development team, before publicising it, so that a fix can be prepared and damage from the vulnerability minimised.
You are responsible for complying with all applicable laws and must only ever use or otherwise access your own test accounts when researching vulnerabilities in any of our products or services. Access to, or modification of, user data is explicitly prohibited without prior consent from the account owner.
Any reproducible vulnerability that affects the security of our users is likely to be in scope.
Common examples include:
If you find any security breaches, please report the issue via this form.
It is important to include at least the following information in the email:
Please allow a reasonable time (2-4 days) for us to confirm and respond to the issue after reporting.
Type of vulnerability | Award |
---|---|
Unvalidated Input | $100 |
Access-Control Problem | $200 |
Weaknesses in Authentication, Authorization, or Cryptographic Practices | $300 |
Remote Code Execution (RCE) | $500 |
SQL Injection (SQLi) | $700 |
To view a list of known vulnerabilities that have already been fixed in the system, please visit the CVE References Page.