By participating in this program, you agree to:
- Respect the Community Code of Conduct
- Respect the Intigriti Terms and Conditions
- Respect the scope of the program
- Not discuss or disclose vulnerability information without prior written consent (including proof of concepts (PoC) on e.g. YouTube, Github, Twitter and Vimeo)
Provide a proof-of-concept(POC) for the vulnerability and explain the information security impact to the best of your knowledge.
Since we use various automatic scanners for vulnerability management and gain those results as part of regular business, we cannot accept any submissions found by using automatic scanners.
Create your own account for testing purposes and use your @intigriti.me email. Do not attempt to gain access to another user’s account or compromise any confidential information of DHL Group.
Avoid privacy violations, confidentiality breaches, degradation of user experience, disruption to production systems, and destruction or manipulation of data. Do not cause harm to DHL Group, employees, customers and users.
Only use exploits to the extent necessary to confirm a vulnerability’s presence. Do not use any exploit to compromise or exfiltrate data, establish command line access and/or persistence, or to pivot to other systems.
Once you’ve established that a vulnerability exists or you encountered any sensitive data (including personally identifiable information, financial information, or proprietary information or trade secrets of any party), you must stop your test, report here, and do not disclose this data to anyone else. Do not try to use the existence of a vulnerability to access, store and use the data. Do not share your findings and investigations knowledge with anyone except DHL Group.
Do not attempt to make illegal demands to obtain anything except what this program offers.
DHL Group reserves the right to change the terms of this program without giving any reason and/or notification to you. Please check for any updates before submitting a new finding.