Product
Use cases
Pricing
Developers
Resources
Sign up

Bug Bounty Program

At Gladia, we take security very seriously.
Last update: 18/11/2024

1. The Ten Commandments

1. First Commandment: We, Gladia.io, reserve the right to cancel this program at any time. The decision to pay a reward is entirely at our discretion.

2. Second Commandment: Thou shalt not disrupt any service or compromise personal data.

3. Third Commandment: Thou shalt not publicly disclose a bug before it has been fixed. Thou shalt also be the first person to responsibly disclose the bug.

4. Fourth Commandment: Thou shalt not be an actual or a past employee of Gladia.io to join the program.

5. Fifth Commandment: Thou shalt not use brute forcing, scanner tools, nor perform Denial of Service attempts on the platform.

6. Sixth Commandment: Thou shalt not violate any local, state, national, or international law.

7. Seventh Commandment: Thou shalt stay within the defined scope.

8. Eighth Commandment: Thou shalt not perform physical attacks against Gladia.io's employees, offices, or data centers.

9. Ninth Commandment: Thou shalt have fun and enjoy responsibly while searching for vulnerabilities.

10. Tenth Commandment: Thy participation in this program will constitute acceptance of these rules.

Any failure to comply with these rules will result in exclusion from the bug bounty program and could lead to legal action.

Please stay polite and respectful.

We do not disclose any previous reports, and we maintain the anonymity of researchers from one another.

2. Rewards

Gladia.io will offer a minimum reward of 50€. There is no maximum reward, as it will be determined by the Gladia.io security team based on the level of criticality and impact of the reported vulnerability.

Non-security-related issues (bugs, wrong interface/API behavior, etc.) will not be eligible for a monetary reward and should only be reported through our dedicated form.


We do not accept bug bounty reports via email to ensure fairness in the timing and precedence of bug reporting.

{
  "assetValue": "Critical (The crown jewels!)",
  "rewardLevels": {
    "CVSS_Low": "$50 (Enough for a pizza, maybe with extra cheese!)",
    "CVSS_Medium": "$250 (You can finally buy that gadget you’ve been eyeing!)",
    "CVSS_High": "$1,000 (Treat yourself! You’ve earned a mini-vacation!)",
    "CVSS_Critical": "$2,000 (You just saved the day! Time to go on a shopping spree!)"
  }
}

3. Qualifying Vulnerabilities

  • Authentication bypass
  • User session compartmentalization issues
  • SQL / NoSQL injections
  • Remote code execution or information leakage through XML external entities
  • Reflected / persistent Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Server-side request forgery (SSRF)
  • Remote code execution on Gladia.io servers through memory corruption, command injection, or other exploitation techniques
  • Social engineering
  • Any vulnerability in the defined scope that could impact the security of the platform and its users

    • 4. Non-Qualifying Issues

  • Issues outside of the defined scope
  • Duplicate issues
  • CSRF in login or logout
  • Social engineering or shoulder-surfing on Gladia.io employees
  • Security bugs in third-party websites that integrate with Gladia.io
  • Spam or exploit kits in search results (URLs that bypass Gladia.io's anti-malware solutions)
  • Password complexity or any other issue related to account or password policies
  • Missing/invalid HTTP headers
  • Cookie flags
  • Clickjacking
  • Denial of Service (DoS)
  • Results from pivoting or scanning internal systems
  • SSL/TLS issues
  • Accounts enumeration
  • SPF/DKIM issues
  • Issues with no security impact
  • Issues impacting protocols or software not developed nor maintained by Gladia.io
  • Rate-limit issues
  • Forms missing CSRF tokens
  • Text injection
  • Content spoofing
  • Forms missing CAPTCHA
  • Homograph attacks
  • Bypasses of results filters
  • Client-side issues impacting specific browsers
  • Any Adobe Flash / SWF related issues
  • Account policies related issues (token expiration, reset link, password complexity)
  • Self-exploitation

    • By participating in this program, you agree to adhere to the rules and conditions set forth. Happy hunting!

    Speech-to-TextReal-Time StreamingWhisper-ZeroPricing
    AI audio infrastructure for companies
    Sign up
    Sign in
    Try the API

    Gladia
    Security

    At Gladia,
    we take security very seriously.


    Last update: 09/02/2024

    From audio
    to knowledge

    Subscribe to receive Gladia's latest news,
    product updates and curated AI content

    Thank you! Your submission has been received!
    Oops! Something went wrong while submitting the form.