Taboola

Vulnerability Disclosure Policy




Last Update: June 20th, 2022

Brand Promise

<p>Taboola, Inc., together with its affiliates (“Taboola”, “we”, “us”, or “our”) is committed to working with security researchers to verify and address any potential vulnerabilities in our services that are reported to us in accordance with this Vulnerability Disclosure Policy (“Policy”). We hope to foster an open partnership with the security community, and we recognize that the work the community does is important in continuing to ensure the safety and security of our customers, users, and partners.</p>

<p>We have developed this Policy to both reflect our corporate values and to uphold our legal responsibility to good-faith security researchers that are providing us with their expertise and security suggestions.</p>

Program &amp; Scope

<p>We ask that all security researchers submit vulnerability reports about any of the following (collectively, the “Services”):</p>

<ul>
<li>Our website, www.taboola.com, the websites of our affiliates and subsidiaries (including Connexity and Skimlinks), or any Taboola website displaying our Privacy Policy (collectively the “Sites”)</li>
<li>Our content discovery platforms, feeds, widgets, analytics tools, and other technical applications that we provide on third-party websites (collectively, the “Content Discovery Platform”)</li>
<li>The Taboola News suite of content-discovery tools available on mobile devices and operating systems (including the Start line of products, collectively “Taboola News”)</li>
</ul>

Legal Posture

<p>We openly accept vulnerability reports for the Services, and Taboola will not engage in legal action against individuals who submit vulnerability reports in accordance with this Policy. We agree not to pursue legal action against individuals who:</p>

<ul>
<li>Engage in vulnerability testing within the scope of this Policy.</li>
<li>Engage in vulnerability testing involving only the Services.</li>
<li>Engage in vulnerability testing without affecting or harming Taboola or its customers, users, or partners.</li>
<li>Adhere to the laws of their location and the location of Taboola. For example, violating laws that would only result in a claim by Taboola (and not a criminal claim) may be acceptable as Taboola is authorizing the activity (reverse engineering or circumventing protective measures) to improve the Services.</li>
<li>Refrain from disclosing vulnerability details to the public before a mutually agreed-upon timeframe expires.</li>
</ul>

How to Report a Vulnerability

<p>Taboola, Inc. 16 Madison Square West, 7th fl. New York, New York 10010</p>

<p>Please report the details of any suspected or detected vulnerabilities by submitting a vulnerability report to Taboola’s Security Team at bountyprogram@taboola.com including all the following five (5) elements:</p>

<ul>
<li>The date you tested for and found the vulnerability</li>
<li>Any steps necessary to reproduce the vulnerability</li>
<li>Supporting screenshot(s) in JPEG format (when relevant)</li>
<li>A short description of the potential impact</li>
<li>The following affirmative statement:</li>
</ul>

<p>I HAVE READ AND UNDERSTAND AND AGREE TO THE TERMS OF TABOOLA’S VULNERABILITY DISCLOSURE POLICY (“POLICY”). I AGREE TO THE TABOOLA TERMS OF USE. I HAVE COMPLIED AND WILL COMPLY WITH THE RULES OF THE POLICY AND THE TERMS OF USE. I HAVE NOT DISCLOSED THIS SUBMISSION TO ANYONE. I DISCOVERED IT MYSELF. I WILL NOT DISCLOSE THIS SUBMISSION TO ANYONE.</p>

Preference, Prioritization, and Acceptance Criteria

<p>We will use the following criteria to prioritize and triage submissions.<br>
What we would like to see from you:</p>

<ul>
<li>Well-written reports in English will have a higher chance of resolution.</li>
<li>Reports that include proof-of-concept code equip us to better triage.</li>
<li>Reports that include only crash dumps or other automated tool output may receive lower priority.</li>
<li>Reports that include products not listed under Program &amp; Scope may receive lower priority.</li>
<li>Please include how you found the vulnerability, the impact, and any potential remediation.</li>
<li>Please include any plans or intentions for public disclosure.</li>
</ul>

<p>What you can expect from us:</p>

<ul>
<li>A timely response to your submission (within five business days).</li>
<li>After triage, we will send an expected remediation timeline, and commit to being as transparent as possible about such timeline, as well as on issues or challenges that may extend it.</li>
<li>An open dialog to discuss issues.</li>
<li>Notification when the vulnerability analysis has completed each stage of our review.</li>
<li>Recognition after the vulnerability has been validated and resolved.</li>
</ul>

Rewards

<p>We may reward submissions that help keep the Services safe and secure, provided that they adhere to this Policy. Whether a reward is offered or not is at our sole and absolute discretion.</p>




