Report Security Issues
If you've discovered a security vulnerability on parosco.com, please let us know right away. We take every legitimate report seriously and work to resolve confirmed issues as quickly as possible. Before submitting a report, please read through this page, which covers our core principles, our bounty program, how rewards are determined, and what falls outside the scope of this program.
Core Principles
If you report a security issue to us in accordance with the guidelines below, we won't pursue legal action or any enforcement investigation against you as a result of that report.
We ask that you:
- Give us a reasonable amount of time to investigate and address the issue before disclosing it publicly or to anyone else.
- Avoid accessing or interacting with any account that isn't your own, without that account holder's explicit permission.
- Make a genuine effort to avoid disrupting our service, destroying data, or compromising anyone's privacy.
- Refrain from exploiting the vulnerability beyond what's needed to demonstrate it — including accessing data you don't need to prove the issue exists.
- Stay within the bounds of all applicable laws while researching or reporting the issue.
Our Bounty Program
We value the work of security researchers who help us keep our platform safe, and we offer rewards for qualifying reports. Bounty amounts are determined at Parosco LLC's discretion, based on the severity, impact, and clarity of the report submitted.
To be eligible for a reward, your report should:
- Follow the core principles outlined above.
- Identify a genuine vulnerability that creates a real risk to user privacy or platform security.
- Be submitted through our official reporting channel below — please don't reach out to individual staff members directly.
- Include disclosure of any unintended impact your testing may have caused, such as an accidental disruption.
- Be understood as subject to a review process — we evaluate every valid submission, but higher-risk issues are prioritized, and a full response may take some time.
- Be submitted with the understanding that we may choose to publish details of the report once resolved.
How Rewards Are Determined
Reward amounts depend on the severity and real-world impact of the vulnerability reported. Please include clear, reproducible steps in your submission — reports that can't be reproduced are not eligible for a reward.
- The reward goes to whoever submits a valid, qualifying report first.
- If multiple reported bugs trace back to the same root cause, they're treated as a single report.
- Reward amounts reflect our assessment of impact, exploitability, and the overall quality of the report.
Current maximum reward amounts by severity level are listed below.
- Remote code execution
- Remote shell or command execution
- Vertical authentication bypass
- SQL injection exposing user data
- Full, unauthorized account takeover
- Lateral authentication bypass
- Exposure of sensitive internal data
- Stored cross-site scripting (XSS)
- Local file inclusion vulnerabilities
- Insecure session cookie handling
- Business logic flaws
- Insecure direct object references
- Open redirect vulnerabilities
- Reflected cross-site scripting (XSS)
- Disclosure of low-sensitivity information
How to Report an Issue
To submit a report, please email us at Contact@parosco.com with a clear description of the vulnerability, the steps needed to reproduce it, and any supporting evidence such as screenshots or a proof-of-concept. Our team will review your submission and follow up with you directly.
Contact Information
- Address 823 Center Ave N, Curtis, NE 69025, USA
- Phone +1 (308) 260-1935
- Email Contact@parosco.com