Security Vulnerabilities Disclosure

We are eager to learn about security vulnerabilities and gaps you may know about and commit to their remediation and continued improvement.

When it comes to the information security of our customers, we are always on the lookout for new and better ways to improve our service and product at RiseUp. Our information security team is happy to listen, get feedback and improve with your help. 

We encourage disclosure of any security vulnerabilities, gaps and concerns that can affect our service, product, websites, information security and privacy of our users. 

We make a commitment to remedy any finding that can pose a risk to riseup or our customers.

 

How Does it Work?

Once you reach out to us about potential security concerns or vulnerabilities, we will respond to your email and acknowledge them within three business days (earlier, most likely). Please collaborate with us while preserving the privacy, integrity and ethics, for all parties involved, for our customers – particularly so.

Good to Know

We operate a Bug Bounty reward and recognition program, it is currently private – invite only (via bugbounty@riseup.co.il, requires a user with the INTIGRITI bug bounty platform) Please note that this information on this page is in no way an invitation or consent to attack, testing or abuse of our service or products. RiseUp employs tools and independent 3rd-parties for testing, inclusive of penetration testing, vulnerabilities scanning and assessments. 

Please keep all discussions with us confidential.

Vulnerabilities Disclosure Policy

 Please report any vulnerabilities and security gaps you are aware of as soon as you are able.

Please allow RiseUp a reasonable time to act to assess and remedy reported vulnerabilities, before you share or talk about them with others.

Act in good faith and make good and reasonable efforts to avoid compromise of customer and RiseUp privacy, integrity and availability of services.

Kindly Avoid the Following

Denial of Service attacks
 
Bruteforce attacks
 
Bruteforce attacks
 
Social Engineering attacks
 
Attacks targeting our customers, partners or vendors
 
Physical attacks, deceptions, tampering and abuse of our offices, employees or customers
 

Kindly report any vulnerabilities or security gaps to: security@riseup.co.il 

Thank you for helping keep our customers and RiseUp safe!

Alexander S. Getsin
CISO@RiseUp