Security

• Pal Patel
• Shivam Kumar Agarwal
• Prial Islam – ErrOr SquaD BD
• Muhammad Shahzaib
• Suvadip Kar
• Ahsankhan
• Md. Nur A alam Dipu
• Adesh Nandkishor Kolte
• Sameer Bhatt
• Piyush Kumar
• Pethuraj M
• Harsh Joshi
• Er Smit Bhanushali
• Pratik Luhana
• Mustafa Khan
• Navneet Singh
• Jens Müller
• Akash Bhosle
• Fahimul Kabir Lemon
• Chitranshu Jain
• Dhanumaalaian.R
• Tarun Garg

• Abdul Wasay
• Noman Shaikh
• Jolan Saluria
• Khan Janny
• Himanshu Rahi
• Bilal Abdussalam
• Ace Candelario
• Pankaj Rane
• Shivram Chouhan
• Pulkit Singh
• Sumit Sahoo
• Athul Jayaram
• MohammadYahya
• Ali Hassan Ghori
• Yash Mehta
• Shwetabh Suman
• Ifrah Iman
• Lakshay Gupta
• csanuragjain
• Pritam Mukherjee
• Agung S Lages

• Koutross Naddara
• Harry Gertos
• Mohammad Abdullah – ErrOr SquaD BD
• Ankit Pandey
• Pace Hitech
• Yeasir Arafat
• Atik Rahman
• Sanjay Singh Jhala
• Kaushal Parikh
• Sunil Yedla
• Mahender Singh
• RITIKA and JERRY
• Shivam Kamboj
• Abin Joseph
• Kaushik Sardar
• Rabsun Sarkar
• Raghavendra Singh
• Rafid Hasan Khan
• Mahmudul Hasan (SecMiner’s_BD)
• Muhammad Julfikar Hyder
• Saurabh Patil

In accordance with our responsible disclosure policy, if you believe you have found a security vulnerability on Chalk, we encourage you to contact us immediately. We will not bring any lawsuit or law enforcement investigation against you so long as you give us reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research.

Non-qualifying Vulnerabilities
The following vulnerabilities are frequently reported to us but are either not exploitable or have a very low risk.

• Anything related to standard WordPress functionality (XMLRPC API, WP-JSON API, load-scripts.php, etc.)
  • Please contact WordPress in accordance with their bug bounty policy instead
• DoS on www.chalk.com
• Lack of CSP on www.chalk.com
• Password strength policy