Responsible Disclosure
1. Philosophy
Security is the core of Amadeus Protected. We recognize the vital role that independent security researchers play in keeping the internet safe. If you believe you have found a vulnerability in our infrastructure, we encourage you to report it to us immediately.
2. Safe Harbor
WE WILL NOT PURSUE LEGAL ACTION against researchers who:
- Conduct research within the strict limitations of this policy.
- Do not compromise the privacy or safety of our clients.
- Give us reasonable time to remediate the issue before public disclosure.
- Do not destroy data or disrupt our services (DoS).
3. Program Scope
IN SCOPE (Target Assets)
- *.amadeus-protected.com (Web Assets)
- Amadeus API Endpoints (api.amadeus...)
- VPN Authentication Handshake
- Client Portal Logic
OUT OF SCOPE (Prohibited)
- Social Engineering (Phishing) of employees.
- Physical attacks on data centers.
- DDoS / Volumetric attacks.
- Self-XSS / UI Redressing (Clickjacking).
4. Secure Reporting
Vulnerability reports contain sensitive data. You must encrypt your email using our PGP key.
SECURITY CONTACT: security@amadeus-protected.com
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2

mQINBGI4z5oBEACt... (TRUNCATED FOR DISPLAY) ...
...9sXj5k2Qz/
=7d8a
-----END PGP PUBLIC KEY BLOCK-----
What to include:
- Proof of Concept (PoC) script or screenshots.
- Affected endpoint or IP address.
- Impact assessment.
5. Rewards & Hall of Fame
We offer a tiered bounty program for critical vulnerabilities. Rewards range from acknowledgment in our Hall of Fame to financial bounties (up to €10,000) for Remote Code Execution (RCE) exploits.
Note: Bounties are paid in USDT or Bank Transfer only after verification and remediation.