SICK Vulnerability Program

Sick Codes Vulnerability Program for Researchers and Orphaned Reports

Welcome to the SICK.CODES software vulnerability and accountability program.

The purpose of the SICK Vulnerability Program is to recognize researchers who are otherwise ignored by other programs.

Vulnerabilities submitted to SICK.CODES are not sold; they are responsibly and publicly disclosed, following industry best practices.

Your vulnerability will be assigned a SICK ID. This helps us, and other organizations, track your vulnerability throughout its lifetime.

We can also help you write a vulnerability report if you are not good at writing in English.


    Select ONE reason for your submission:


    Select ANY of the following:

    I have not received a response from a vulnerability program
    I believe that the vendor does not have a public BugBounty program on BugCrowd or HackerOne
    I have attempted to contact the vendor, or will contact them after submission
    I cannot contact the vendor, or would like assistance contacting the vendor
    The vendor does not consider this a vulnerability
    I do not want my name/alias published with this vulnerability (anonymous report)


    Vulnerability details:

    By submitting this request you agree to follow responsible disclosure guidelines. An example of responsible disclosure guidelines can be found here: https://github.com/disclose/dioterms.

    By submitting this request you agree that SICK.CODES will not publish this vulnerability until a known patch or mitigation is published.

    By submitting this request you permit SICK.CODES to contact the vendor on your behalf, to attempt to resolve the issue. SICK.CODES will email, phone, SMS, @, hashtag, inbox, direct message, or contact partners of the vendor until a response is received. If SICK.CODES cannot contact the vendor for you, SICK.CODES will work with you in authoring a patch to mitigate the vulnerability. This may require getting other responsible Open Source collaborators to help write the patch, as a team.

    Software patches written by SICK.CODES will be released under the exact same license as the parent project, and WITHOUT WARRANTY. If the parent project license is unknown, software patches authored by SICK.CODES or other collaborators will be released under either the GPLv2, the GPLv3+, or MIT license, whichever is most appropriate.

    This vulnerability is your own security research. You discovered this.

    Therefore, if the vendor has a paid bug bounty, SICK.CODES will take 0% of the bounty.

    You will receive 100% of the bounty.

    We will fight for your rights as a responsible security researcher to get the most appropriate bounty.

    You can donate some back to us if you're feeling generous.

    SICK.CODES will credit you in every way possible for your discovery.

    I am acting in good faith

    SICK.CODES has never received a court order, and is not under any gag order (do not submit if this sentence is missing)
