Merkle believes that everybody should be safe and secure on the internet. Merkle is committed to maintaining the security of our assets, systems, and customers’ information. If any potential vulnerabilities are identified in any product, system, or asset belonging to Merkle, we encourage security researchers to contact us as soon as possible. If you believe you have identified a potential security vulnerability, please submit it in accordance with our Responsible Disclosure Program.
Thank you in advance for your submission. Merkle does not operate a public bug bounty program and will not provide a reward or compensation in exchange for reporting potential issues.
Researchers shall ensure that when in the process of disclosing potential vulnerabilities they:
By acting in accordance with the guidelines above and responsibly submitting your findings to Merkle, Merkle agrees not to pursue legal action against you unless it is compelled to do so by a regulatory authority, other third party, or applicable laws
Once a report is submitted, Merkle commits to provide prompt acknowledgement of receipt of all reports (in any event, within 5 business days of submission). Where possible, Merkle shall use commercially reasonable endeavors to keep you reasonably informed of the status of any validated vulnerability that you report through this program.
When reporting a potential vulnerability, please include a detailed summary of the vulnerability. This shall include the following:
Lorem Certain vulnerabilities are considered out of scope for our Responsible Disclosure Program. Out-of-scope vulnerabilities include, but are not limited to: