At Lucidity we take security issues very seriously, and recognise the importance of privacy and data integrity to our users. Given this, we strive to provide responsible disclosure to our customers or vendors where they are affected by security vulnerabilities.
Reporting Security Issues
If you believe you have discovered a vulnerability in a Rapid7 product or have a security incident to report, please contact security@luciditysoftware.com.au.
Responsible Disclosure Guidelines
- Notify Lucidity and provide us details of the vulnerability. Please provide us a reasonable time period to address the issue before public disclosure.
- Provide an appropriate level of detail on the vulnerability to allow us to identify and reproduce the issue. Detail should include target URLs, request/response pairs, screenshots, and/or other information.
- We will confirm your email and evaluate the validity and reproducibility of the issue. For valid issues, we will work to fix the issue and keep you apprised of progress.
Bug Bounty Program Terms
We recognise and reward security researchers who help us keep people safe by reporting vulnerabilities in our services. Monetary bounties for such reports are entirely at Lucidity's discretion, based on risk, impact, and other factors. To potentially qualify for a bounty, you first need to meet the following requirements:
- Adhere to our Responsible Disclosure Policy (see above).
- Report a bug that is a security issue. Not all bugs are considered security issues, and Lucidity reserves the right to determine what constitutes a potential security vulnerability.
- Your report falls within the accepted scope (as defined in Bug Bounty Scope).
- We determine bug bounty amounts based on a number of factors, including the ease of exploit, potential risk and other factors that Lucidity considers relevant.
Bug Bounty Scope
The following domains are included:
- *.integralcs.com
- *.luciditysoftware.com.au
The following domains are excluded:
- *.ourintranet.net
- *.intranet.integralcs.com
- cruse.com.au
- luciditysoftware.com.au