Chartboost is dedicated to providing a secure advertising and monetization environment for our partners. If you believe you’ve found a security vulnerability or a business logic bug (each, a “Vulnerability”) in our applications or services (our “Services”) that could adversely affect Chartboost or our partners, or give an unfair advantage when abused, please privately let us know by submitting a security vulnerability report (a “Report”) through our Responsible Disclosure Program (the “RDP”) as described below. Due to the sensitive nature of all Vulnerabilities, we require that you keep all information about Vulnerabilities strictly confidential and protect all such information from unauthorized disclosure. By submitting a Report as described below, you are agreeing to the terms on this web page. We may modify the terms of our RDP or terminate the RDP at any time. If you need Chartboost support, please contact Chartboost Customer Support.
We encourage you to responsibly research our Services for Vulnerabilities. You may set up secondary test accounts to conduct security assessments of our Services provided such accounts remain under your sole control and are used for security research purposes only.
You shall not:
– Attempt to perform malicious data destruction attacks against Chartboost’s or Chartboost Partner’s data or Chartboost’s Services
– Violate a person’s privacy in conducting your research
– Perform any network volumetrics attacks that adversely affect the reliability of Chartboost’s Services, including but not limited to, DoS and DdoS
– Take any action in violation of applicable laws
You may submit a Report using the submission form below or you may contact our security organization by emailing Chartboost Security to provide the vulnerability information directly. If possible, we will authenticate the fix before it is published.
By submitting a Report or any other information to us, you are granting Chartboost an irrevocable, perpetual, worldwide, and royalty-free license to use, create derivatives of, disclose, sell, transfer, sublicense, or modify any such Report of information for any purpose.