At Synchrony, we take the security of our online platforms very seriously. We understand that users may identify or come across security vulnerabilities while using our services or sites, and we encourage them to report these vulnerabilities to us in a responsible and lawful manner. Thank you in advance for your submission. Please note, Synchrony does not operate a public bug bounty program and we make no offer of reward or compensation in exchange for submitting potential issues.
Vulnerability Disclosure Program Guidelines:
Researchers shall disclose potential vulnerabilities in accordance with the following guidelines:
Do not perform any of the following actions;
By responsibly submitting your findings to Synchrony in accordance with these guidelines Synchrony agrees not to pursue legal action against you. Synchrony reserves all legal rights in the event of noncompliance with these guidelines.
Once a report is submitted, Synchrony commits to provide prompt acknowledgement of receipt of all reports (within three business days of submission) and will keep you reasonably informed of the status of any validated vulnerability that you report through this program.
Responses and communication regarding submissions may come from Bugcrowd. This Vulnerability Disclosure Program does not include monetary award or bounty.