Automation Anywhere, Inc., is committed to ensuring the safety and security of the products and cloud services that are licensed to our customers.
As such, if you discover a vulnerability in the products or cloud services that are provided to Automation Anywhere customers, Automation Anywhere appreciates your help in disclosing these vulnerabilities to Automation Anywhere in a responsible manner as set out in this Vulnerability Disclosure Policy (VDP).
Scope
This program shall only apply to products or SaaS services that Automation Anywhere develops and licenses to its customers. This program does not apply to Automation Anywhere website and non-service-oriented infrastructure. Please note: Automation Anywhere does not condone any attempts to actively audit or exploit our cloud services, applications, and infrastructure.
This document applies to technical vulnerabilities on Automation Anywhere products or SaaS services that are developed and licensed by Automation Anywhere
The below are not in scope for testing.
Our Commitment (Safe Harbor)
If you identify a valid security vulnerability in compliance with this Responsible Disclosure Policy and in good faith, Automation Anywhere is committed to not engaging in any legal action against you with respect to the scope of this Policy. This commitment does not apply to any attempts to actively audit or exploit Automation Anywhere cloud services, applications, and infrastructure.
Vulnerability submissions
Automation Anywhere encourages security researchers to share the details of any suspected vulnerabilities with the Automation Anywhere Security Team by sending an email to disclosure@automationanywhere.com.
Automation Anywhere will review the submission to determine if the finding is valid and has not been previously reported.
At Automation Anywhere’s sole discretion, you may be eligible for monetary compensation for your efforts.
Automation Anywhere will attempt to review and respond to your report within five (5) business days of submission.
Publication of Vulnerability
Following the successful fix of the vulnerability, Automation Anywhere will disclose the vulnerability and the successful remediation on our website, subject to the terms and conditions of the Responsible Disclosure Agreement. If you prefer to be credited by name, please provide Automation Anywhere your consent in writing (an email is sufficient).
Bounty Program
After remediation, you may be eligible to receive a bounty payment, subject to the terms and conditions of the Responsible Disclosure Agreement. While Automation Anywhere uses CVSS 3.0 (Common Vulnerability Scoring Standard) to calculate severity, Automation Anywhere reserves the right, in its sole discretion, whether the vulnerability qualifies for a bounty payment.
For Students & Developers
Start automating instantly with FREE access to full-featured automation with Cloud Community Edition.