Description

The Coca-Cola Company is proud of our researcher community and the impactful findings they have provided over the years. We are bringing our VDP program to Intigriti to further our community growth and provide some exciting changes around our VDP reward structure. For more information about VDP rewards, please see the FAQ section below.

Bounties

This is a responsible disclosure program without bounties.

Rules of engagement

  • Not applicable
  • Not applicable
  • Rate limit: max. 5 requests/sec
  • User-Agent: UA-Intigriti
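The two enforceable items above are a request ceiling and a User-Agent identifier, and the place they are usually violated is in hand-rolled scanning scripts rather than in manual testing. The following is an added example (not Coca-Cola's or Intigriti's code) of a small request helper that never exceeds five requests in any one-second window and always sends the identifying User-Agent. It assumes that "UA-Intigriti" is the literal header value the program expects; confirm the exact string on the program page before use. The clock and sleep functions are injectable so the throttling can be checked offline without touching any target.

```python
"""Throttled, self-identifying HTTP helper for in-scope testing.

Added example, not the program's own tooling. Assumptions: at most 5 requests
per second to the target, and a User-Agent header whose value is the literal
string "UA-Intigriti" (verify the expected value on the program page).
"""
import time
import urllib.request
from collections import deque
from typing import Callable, Deque, Dict, List, Optional

RATE_LIMIT_PER_SEC = 5          # from the program's rules of engagement
USER_AGENT = "UA-Intigriti"     # assumed literal value; verify on the program page


def build_headers(extra: Optional[Dict[str, str]] = None) -> Dict[str, str]:
    """Request headers with the program's User-Agent identifier always set."""
    headers: Dict[str, str] = {}
    if extra:
        headers.update(extra)
    headers["User-Agent"] = USER_AGENT   # a caller-supplied value never overrides it
    return headers


class SlidingWindowLimiter:
    """Allows at most `max_per_window` acquisitions in any `window` seconds.

    `clock` and `sleep` are injectable so the limiter can be exercised
    deterministically (see FakeClock below) instead of against wall-clock time.
    """

    def __init__(self, max_per_window: int, window: float = 1.0,
                 clock: Callable[[], float] = time.monotonic,
                 sleep: Callable[[float], None] = time.sleep) -> None:
        self.max_per_window = max_per_window
        self.window = window
        self.clock = clock
        self.sleep = sleep
        self.sent: Deque[float] = deque()   # release times still inside the window

    def _prune(self, now: float) -> None:
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()

    def acquire(self) -> float:
        """Block until a request may be sent; return the time it was released."""
        now = self.clock()
        self._prune(now)
        while len(self.sent) >= self.max_per_window:
            # Wait until the oldest in-window timestamp has aged out, then re-check.
            self.sleep(max(self.window - (now - self.sent[0]), 0.0))
            now = self.clock()
            self._prune(now)
        self.sent.append(now)
        return now


def throttled_get(url: str, limiter: SlidingWindowLimiter, timeout: float = 10.0) -> bytes:
    """Fetch `url` with the program User-Agent, waiting on the limiter first."""
    limiter.acquire()
    req = urllib.request.Request(url, headers=build_headers())
    with urllib.request.urlopen(req, timeout=timeout) as resp:   # real network call
        return resp.read()


class FakeClock:
    """Deterministic stand-in for time.monotonic/time.sleep, for offline checks."""

    def __init__(self) -> None:
        self.t = 0.0

    def now(self) -> float:
        return self.t

    def sleep(self, seconds: float) -> None:
        self.t += seconds


def simulate(n_requests: int, max_per_sec: int = RATE_LIMIT_PER_SEC) -> List[float]:
    """Release times of `n_requests` back-to-back requests under a fake clock."""
    clock = FakeClock()
    limiter = SlidingWindowLimiter(max_per_sec, clock=clock.now, sleep=clock.sleep)
    return [limiter.acquire() for _ in range(n_requests)]


def max_in_any_window(times: List[float], window: float = 1.0) -> int:
    """Largest number of release times inside any half-open window [t, t + window)."""
    if not times:
        return 0
    return max(sum(1 for u in times if t <= u < t + window) for t in times)


if __name__ == "__main__":
    released = simulate(12)
    print("release times:", released)
    print("max requests in any 1 s window:", max_in_any_window(released))
```

Two design points: the limiter counts over a sliding window rather than a fixed per-second bucket, so bursts straddling a second boundary cannot reach ten requests, and the User-Agent is applied last so a library default or a copied header set cannot silently drop it.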

By participating in this program, you agree to:

  • Respect the Community Code of Conduct
  • Respect the Intigriti Terms and Conditions
  • Respect the scope of the program
  • Not discuss or disclose vulnerability information without prior written consent (including PoCs on YouTube and Vimeo)

Domains

Brand Sites (Tier 2; asset type: Other)

Brand sites owned by The Coca-Cola Company.

Corporate Sites (Tier 2; asset type: Other)

*.us.coca-cola.com
*.coca-cola.com
*.ko.com
*.testko.com
*.coca-colacompany.com
*.coke.com
*.cokeurl.com
*.tccc-aem.com

Hindustan Coca-Cola Beverages (asset type: Other)

Since our establishment on 14th February 1997 in Bengaluru, Karnataka, Hindustan Coca-Cola Beverages (HCCB) has been on a mission to refresh the nation. Having flourished into one of the top 5 beverage companies in India, all our operations are geared towards creating nothing but the best. We specialize in manufacturing, packaging and distributing a vast range of beverages from The Coca-Cola Company portfolio nationwide. At the same time, we are more than just a leading beverage company in India: we are a company that cares profoundly about the impact we make on our people and planet.

Domains

*.hccb.in
*.hccbpl.in

Severity assessment

This program follows Intigriti's contextual CVSS standard.

Accepted Issues and Severity
When reporting vulnerabilities, please consider the attack scenario, the exploitability and the security impact of the bug. We may choose not to accept a submission, or to lower its severity, where there is no clear exploit chain. Examples include:

  • "Best Practice" configuration items not part of a functioning exploit chain.
  • Header Issues such as X-Frame-Options, CSP, etc.
  • Cookie configuration such as a missing "Secure" flag on non-sensitive cookies or a missing "HttpOnly" attribute.
  • Mail security configurations such as invalid, incomplete, or missing SPF/DKIM/DMARC records.
  • SSL/TLS configurations.
  • Non-Sensitive information disclosures such as software versions, banner identifications, descriptive error messages, descriptive headers (stack traces, application or server errors).
  • Attacks requiring MITM or physical access to a device.
  • Use of vulnerable libraries without an associated working PoC.

However, it is important to note that in some cases a vulnerability's priority will be modified because of its likelihood or impact. Whenever a rating is modified, an explanation will be provided to the researcher, along with the opportunity to make a case for a higher priority.

Please be aware that The Coca-Cola Company uses Adobe Experience Manager (AEM) for content management on the majority of its consumer-facing websites. We accept vulnerability reports for AEM components and configurations; however, where the same component is determined to be vulnerable across multiple AEM websites because of the shared codebase, this is treated as one unique vulnerability and subsequent reports are marked as duplicates.

FAQ

What's new with rewards?!

The Coca-Cola Company believes its researcher and hacker community should be rewarded for their contributions to its security program. As a result, we will be offering Coke Store discount codes based on finding severity. Coca-Cola is not responsible for any import taxes or tariffs on orders. Returned orders placed with reward codes are not eligible for reimbursement or exchange.

Severity        Coke Store discount code amount
Exceptional     $250 USD
Critical        $150 USD
High            $100 USD
Medium          $50 USD
Low             $25 USD
Informational   Keep trying, you'll get there! :)
Duplicate       So close...

How are discount codes paid out?

On the first of each month TCCC will generate a discount code for each eligible report. Researchers will be sent codes via their reports once the codes have been generated.

My report was closed but I did not receive a code?

Reports will be closed when the vulnerability has been remediated. Your researcher/hacker handle will be noted internally and added to the closed report once the code has been generated.

What if I did not use all of my code for my purchase?

Right now codes are single use, so make it count. We are looking to fix this in the future but right now it's what we have.

Can codes be used for shipping?

No, right now discount codes cannot be used to cover shipping cost. We are working on this I promise.

Do codes have an expiration date?

Yes, 6 months from the time you receive the code.

Can codes be divided into more codes with smaller values?

No
