Keeping user information safe and secure is a top priority and a core company value for us at inPhronesis. We welcome the contribution of external security researchers and look forward to awarding them for their invaluable contribution to the security of all inPhronesis users.
inPhronesis currently does not have a monetary reward program, but will publicly post thanks to security researchers who disclose vulnerabilities in adherence to this policy.
For now, the inPhronesis web application (https://invision.inphronesis.com) and the inPhronesis API are eligible for this disclosure program. The inVision Conference Connect mobile app, as published in both Google Play and the Apple Store, is also in scope. The inPhronesis website (2024.inthoughtlabs.com) is not in scope.
To promote the discovery and reporting of vulnerabilities and increase user safety, we ask that you:
Please submit your disclosure report to [email protected]
We will not negotiate in response to duress or threats (e.g., we will not negotiate the payout amount under threat of withholding the vulnerability or threat of releasing the vulnerability or any exposed data to the public).
The following issues are outside the scope of our rewards program:
In general, any vulnerability with a CVSS 3 score lower than 4.0, unless it can be combined with other vulnerabilities to achieve a higher score. While we appreciate the report, we may not follow up or provide thanks and attribution.
We will not pursue civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy. We consider activities conducted consistent with this policy to constitute “authorized” conduct under the Computer Fraud and Abuse Act. To the extent your activities are inconsistent with certain restrictions in our Acceptable Use Policy, we waive those restrictions for the limited purpose of permitting security research under this policy. We will not bring a DMCA claim against you for circumventing the technological measures we have used to protect the applications in scope.
If your report addresses a vulnerability of an inPhronesis business partner, inPhronesis reserves the right to share your submission in its entirety, including your identity, with the business partner to help facilitate testing and resolution of the reported vulnerability. If legal action is initiated by a third party against you and you have complied with inPhronesis’ bug bounty policy, inPhronesis will take steps to make it known that your actions were conducted in compliance with this policy.
Please submit a report to us at [email protected] before engaging in conduct that may be inconsistent with or unaddressed by this policy.
We may modify the terms of this program or terminate this program at any time. We won’t apply any changes we make to these program terms retroactively.
Special thanks and attribution to the Dropbox team for open-sourcing their VDP, as well as to the DHS for their template. If you have suggestions on how we can make this program better, please email us at [email protected].
Thanks to the following external security researchers that have reported valid vulnerabilities that we have been able to confirm and fix.
Raghav Khandelwal HackerOne profile: raghavkhandelwal