GroundControl Bug Bounty Program

At GroundControl, we prioritize the security of our products and the protection of our customers. We appreciate the efforts of the security community and welcome responsible disclosures that help protect our customers, products, and infrastructure.

Last Updated: July 29, 2025

Scope

Our Bug Bounty Program covers vulnerabilities across all assets referenced from our domain. However, testing must be limited to our production web application: https://na-app.gndctl.com.

Please adhere to the following scope limitations:

  • Avoid high-frequency automated scanning or fuzzing.
  • Focus on manual inspection and probing techniques.

Out of scope

Vulnerabilities in third-party services not managed by Ground Control.

Social engineering attacks (e.g., phishing).

Denial of service (DoS) attacks or stress testing.

Reports from automated tools or scanners without clear exploitability.

Physical attacks against Ground Control employees or assets.

Responsible disclosure

We require that any vulnerabilities be reported directly to us via email at itsec@gndctl.com. The following guidelines should be followed:

  • Provide detailed steps to reproduce the vulnerability.
  • Do not exploit the vulnerability beyond the proof-of-concept needed to demonstrate it.
  • Give us a reasonable amount of time to address the issue before disclosing it to others.

Rewards

Rewards are based on the severity and impact of the vulnerability reported. The final reward amount will be determined at our discretion, with a maximum reward of up to $500.

Eligibility

The vulnerability must be previously unknown and not reported by another party.

The report must include sufficient information to reproduce the vulnerability.

You must comply with all applicable laws in connection with your testing and disclosure.

Legal

We will not pursue legal action against researchers who discover and report vulnerabilities in good faith and follow the rules of our bug bounty program.

Conclusion

We appreciate the efforts of the security community in making our products safer. Thank you for helping us protect our customers and improve our services.

For any questions or clarifications, feel free to reach out to us at itsec@gndctl.com.

Schedule a Demo

See GroundControl in action. Pick a time that works for you.