It’s important that anybody can contact us, quickly and effectively, with security concerns or information pertinent to:
We operate this responsible disclosure policy to help security professionals and others alert us to any security concerns as quickly as possible and with the minimum of fuss.
2. Response Targets
Global will make reasonable efforts to meet the following response targets for ethical hackers participating in our programme:
We’ll try to keep you informed about our progress throughout the process and alert you if we’re delayed for any reason.
3. Disclosure Policy
We request that you always act responsibly and in the best interests of Global and our customers. In particular:
Out-of-scope areas and exceptions include:
When reporting an issue to us:
Please highlight security issues in third-party apps or websites that integrate with global.com;
It is important to follow the above guidelines so that we treat your communication as a responsible disclosure and not an attack or extortion.
All confirmed vulnerabilities will be considered, assessed and awarded a bounty based on severity as determined by our in-house team. We do not offer a published score against CVSS metrics or similar. Each submission is judged on its own merit, applying many factors such as severity, business function of the system, the cost to mitigate, etc.
We do not guarantee that a reward will be paid and Global’s assessment of the severity of an issue and the corresponding amount of any reward, if any, will be final.
To be eligible for a reward, you must agree and adhere to our rules set out in section 5 below.
By submitting a report, you agree to comply with the following rules:
2. The terms of our Privacy Notice. In particular, you agree that we can use your submission and its contents to ensure the security, integrity and reliable operation of our systems, technology and business; and
3. The applicable sections of our Terms and Conditions and Regulatory requirements, outlined here.
4. Upon Global’s request, you will agree and sign: (i) a Non-Disclosure Agreement; and (ii) a Letter of Undertakings, formally confirming that you have not downloaded, made copies of or shared with any third parties any information accessed by you and belonging to Global, and undertaking that you will continue to do the same.
Your submission should contain the following:
Please preserve as much evidence as possible as we may need to examine it.
We reserve the right to consider certain sites or subsites to be ineligible for any bounty or disclosure rewards.
It is important that we respond quickly and effectively. However, we take steps to manage spam so that we can quickly identify relevant email and, therefore, quality submissions. We discourage and will not respond to:
We will respond quickly and gratefully if we believe that you are faithfully reporting an issue in line with these terms and in the best interests of Global and its customers.
6. Safe Harbour
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted in good faith and in accordance with this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
You must treat all information about our systems, staff or customers that comes into your possession or that you otherwise become aware of, which is not publicly available, as strictly confidential. You must not share or otherwise use it for any purpose other than emailing it to us as a submission as described above.
This policy exists entirely at our discretion and may be modified or cancelled at any time.
Thank you for helping keep Global and our users safe!