Instarem - Contest Terms & Conditions
Instarem Close

Instarem Vulnerability Disclosure Policy

We take security of our assets with utmost seriousness. We greatly appreciate the efforts of security researchers and discoverers who share information on security issues with us, giving us a chance to improve our products and services, and better protect our customers.

If you believe you have identified a potential vulnerability in Web or mobile applications, we encourage you to report us immediately at [email protected].

We ask that you follow our Vulnerability Disclosure Policy Guidelines and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research.

What's expected from the reporter?

  • A detailed PoC (Proof of Concept) with screenshots elaborating the exact steps performed to exploit the issue as well as highlighting the risks associated with it.
  • To ensure confidentiality, we insist that you password-protect the document before sharing with us.
  • Instarem urges the reporter to keep any communication regarding the vulnerability disclosure confidential.

Our Responsibility

Upon receiving a vulnerability report, Instarem shall investigate and verify the vulnerability, and determine if it's eligible for our reward program.

Few factors shall be taken into consideration before determine the eligibility:

  • Duplicate check. Whether the vulnerability has already been reported before.
  • Criticality of the vulnerability. In scoring or rating vulnerabilities, Instarem follows standard industry best practices to designate the vulnerability's impact as High, Medium or Low.
  • Potential impact to our infrastructure.

Post Confirmation of Vulnerability

  • Instarem shall then release a fix to address the issue at the earliest.
  • Instarem shall endeavour to keep the reporter apprised of the status of vulnerability.
  • Instarem shall reward the reporter with a credit as deemed appropriate.

  • NOTE: Only non-duplicate vulnerabilities classified as ‘High’ shall be considered for reward.


The following conditions are out of scope for the vulnerability disclosure program. Any of the activities below will result in disqualification from the program permanently.

  • Physical attacks against Instarem employees, offices.
  • Social engineering of Instarem employees, contractors, vendors, or service providers.
  • Knowingly posting, transmitting, uploading, linking to, or sending any malware.
  • Pursuing vulnerabilities which send unsolicited bulk messages (spam) or unauthorized messages.
  • Any vulnerability obtained through the compromise of a Instarem customer or employee accounts. If you need to test a vulnerability, please create a free account.

We top up your account with 25 InstaPoints as soon as you Sign Up.

InstaPoints are loyalty points that you can redeem against your transactions to give you a discount.

More The InstaPoints, More The Discount.

Instarem Chat
Your chat session is already active on another tab