Trust & Security
<!DOCTYPE html><!-- Last Published: Fri Nov 22 2024 08:30:49 GMT+0000 (Coordinated Universal Time) --><html data-wf-domain="www.eventcube.io" data-wf-page="6602e4c5d2ae1f94c2c36189" data-wf-site="60914c777b5c064bd504092a"><head><meta charset="utf-8"/><title>Trust & Security</title><meta content="Join our growing team at Eventcube, see what jobs we currently have on offer." name="description"/><meta content="Trust & Security" property="og:title"/><meta content="Join our growing team at Eventcube, see what jobs we currently have on offer." property="og:description"/><meta content="Trust & Security" property="twitter:title"/><meta content="Join our growing team at Eventcube, see what jobs we currently have on offer." property="twitter:description"/><meta property="og:type" content="website"/><meta content="summary_large_image" name="twitter:card"/><meta content="width=device-width, initial-scale=1" name="viewport"/><link href="https://cdn.prod.website-files.com/60914c777b5c064bd504092a/css/eventcube-35f399.webflow.a8c561661.css" rel="stylesheet" type="text/css"/><link href="https://fonts.googleapis.com" rel="preconnect"/><link href="https://fonts.gstatic.com" rel="preconnect" crossorigin="anonymous"/><script src="https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js" type="text/javascript"></script><script type="text/javascript">WebFont.load({ google: { families: ["Barlow:100,100italic,200,200italic,300,300italic,regular,italic,500,500italic,600,600italic,700,700italic,800,800italic","Inter:200,300,regular,500,600,700,800"] }});</script><script type="text/javascript">!function(o,c){var n=c.documentElement,t=" w-mod-";n.className+=t+"js",("ontouchstart"in o||o.DocumentTouch&&c instanceof DocumentTouch)&&(n.className+=t+"touch")}(window,document);</script><link href="https://cdn.prod.website-files.com/60914c777b5c064bd504092a/673de71e2cf124e1c108f704_favicon-32x32%20copy.ico" rel="shortcut icon" type="image/x-icon"/><link 
href="https://cdn.prod.website-files.com/60914c777b5c064bd504092a/60c24f1e5514094e981c577f_256.png" rel="apple-touch-icon"/><script src="https://www.google.com/recaptcha/api.js" type="text/javascript"></script><!-- Termly Consent Banner --> <script type="text/javascript" src="https://app.termly.io/resource-blocker/15ce9bc0-01a8-4c3f-9958-be3a2bac1b5e?autoBlock=off" ></script> <!-- End Termly Consent Banner --> <!-- Google Tag Manager --> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-5SWVQNC');</script> <!-- End Google Tag Manager --> <!-- Facebook domain verification --> <meta name="facebook-domain-verification" content="sno1fv0i46a8azeg2xf6lqkcntkrgz" /> <!-- Facebook domain verification --> <!-- Fastbase --> <script> (function () { var e,i=["https://fastbase.com/fscript.js","NChioyQTfb","script"],a=document,s=a.createElement(i[2]); s.async=!0,s.id=i[1],s.src=i[0],(e=a.getElementsByTagName(i[2])[0]).parentNode.insertBefore(s,e) })(); </script> <!-- End Fastbase --> </head><body><div data-animation="default" class="navbar w-nav" data-easing2="ease" data-easing="ease" data-collapse="medium" data-w-id="16a11e4a-6558-42fe-f39e-366c2f341e20" role="banner" data-no-scroll="1" data-duration="400"><div class="container-13 w-container"><div class="nav-logowrapper"><a href="/" class="nav-logo w-inline-block w-clearfix"><img src="https://cdn.prod.website-files.com/60914c777b5c064bd504092a/6091549e693edd1bf31c7159_ec_logo_white_text.27b6e56ce65a.png" loading="lazy" width="215" alt="" class="image"/></a><nav role="navigation" class="nav-menu-2 w-nav-menu"><div class="nav-linkwrapper"><div class="list"><div class="list-item border-bottom"><a href="/sell-tickets" class="w-inline-block"><h4 
class="product-dropdown">Tickets</h4></a></div><div class="list-item border-bottom"><a href="/virtual-events" class="w-inline-block"><h4 class="product-dropdown">Virtual Events</h4></a></div><div class="list-item border-bottom"><a href="/memberships" class="w-inline-block"><h4 class="product-dropdown">Memberships</h4></a></div><div class="list-item border-bottom"><a href="/pricing" class="w-inline-block"><h4 class="product-dropdown">Pricing</h4></a></div></div><div class="mob-nav-flinks w-row"><div class="footer-col w-col w-col-6 w-col-tiny-6"><h6 class="grey">eventcube</h6><a href="/pricing" class="link-wrap w-inline-block"><div class="footerlink">Pricing</div></a><a href="/customers" class="link-wrap w-inline-block"><div class="footerlink">Customers</div></a><a href="/about-us" class="link-wrap w-inline-block"><div class="footerlink">About us</div></a><a href="/getting-started" class="link-wrap w-inline-block"><div class="footerlink">Request a Demo</div></a></div><div class="footer-col w-col w-col-6 w-col-tiny-6"><h6 class="grey">Community</h6><a href="/help-support" class="link-wrap w-inline-block"><div class="footerlink">Help & Support</div></a><a href="/blog" class="link-wrap w-inline-block"><div class="footerlink">Blog</div></a><a href="/work-with-us" class="link-wrap w-inline-block"><div class="footerlink">Work with us</div></a><a href="/contact" class="link-wrap w-inline-block"><div class="footerlink">Contact</div></a></div></div></div><div class="nav-ctawrapper"><ul role="list" class="list-cta w-list-unstyled"><li class="list-item"><a href="https://manage.eventcube.io/account/login" target="_blank" class="btn-outline mr gold w-button">Log in</a></li><li class="list-item"><a href="/getting-started" class="btn-primary w-button">Get started</a></li></ul></div></nav></div><div class="menu-button w-nav-button"><div data-is-ix2-target="1" class="burger-icon" data-w-id="16a11e4a-6558-42fe-f39e-366c2f341e7f" data-animation-type="lottie" 
data-src="https://cdn.prod.website-files.com/60914c777b5c064bd504092a/609d1f6f1d2d8d201d7c6a9b_9789-burger-menu.json" data-loop="0" data-direction="1" data-autoplay="0" data-renderer="svg" data-default-duration="3" data-duration="0" data-ix2-initial-state="1"></div><div class="icon w-icon-nav-menu"></div></div></div></div><div class="nav-desktop"><header id="nav" class="main-nav"><div class="nav-linkwrapper"><ul role="list" class="list w-list-unstyled"><li class="list-item mr-1"><div data-hover="false" data-delay="0" class="dropdown old w-dropdown"><div class="product-dropdown w-dropdown-toggle"><h4 class="product-dropdown">Products</h4><div class="column-icon w-icon-dropdown-toggle"></div></div><nav class="dropdown-list w-dropdown-list"><div class="columns-5 w-row"><div class="nav-products-column w-col w-col-3"><h6 class="heading-6 grey underline pb-1">tickets</h6><a href="/sell-tickets/features" class="nav-product w-inline-block"><div class="columns-3 w-row"><div class="col-prod w-col w-col-3"><img src="https://cdn.prod.website-files.com/60914c777b5c064bd504092a/6093faf7751e4a3a55164d2b_tickets.svg" loading="lazy" alt=""/></div><div class="nav-producttext w-col w-col-9"><h4 class="my-0 nolink small">Tickets</h4><p class="body grey small">Sell real & virtual events<br/></p></div></div></a></div><div class="nav-products-column w-col w-col-3"><h6 class="heading-6 grey underline pb-1">Virtual Events</h6><a href="/virtual-events/broadcast" class="nav-product w-inline-block"><div class="columns-3 w-row"><div class="col-prod w-col w-col-3"><img src="https://cdn.prod.website-files.com/60914c777b5c064bd504092a/6093faf798d13d4dcf2645f2_broadcast.svg" loading="lazy" alt="" class="product-icons"/></div><div class="nav-producttext w-col w-col-9"><h4 class="my-0 nolink small">Broadcast</h4><p class="body grey small">Stream, chat & polls<br/></p></div></div></a><a href="/virtual-events/venue" class="nav-product w-inline-block"><div class="columns-3 w-row"><div class="col-prod 
w-col w-col-3"><img src="https://cdn.prod.website-files.com/60914c777b5c064bd504092a/6093faf7ee549b1725f7b90d_venue.svg" loading="lazy" alt="" class="product-icons"/></div><div class="nav-producttext w-col w-col-9"><h4 class="my-0 nolink small">Venue</h4><p class="body grey small">Online stages & networking<br/></p></div></div></a><a href="/virtual-events/on-demand" class="nav-product w-inline-block"><div class="columns-3 w-row"><div class="col-prod w-col w-col-3"><img src="https://cdn.prod.website-files.com/60914c777b5c064bd504092a/609530cab8edb819b78e69fb_ondemand.svg" loading="lazy" alt="" class="product-icons"/></div><div class="nav-producttext w-col w-col-9"><h4 class="my-0 nolink small">On Demand</h4><p class="body grey small">Flexible video service<br/></p></div></div></a><a href="/virtual-events-products" class="arrowlink ml-3 w-inline-block"><img src="https://cdn.prod.website-files.com/60914c777b5c064bd504092a/60926210ffa91580dd212bae_arrow.svg" loading="lazy" width="16" alt="" class="arrowlink-arrow"/><div class="arrowlink-text">View all</div></a></div><div class="nav-products-column w-col w-col-3"><h6 class="heading-6 grey underline pb-1">Memberships</h6><a href="/memberships" class="nav-product w-inline-block"><div class="columns-3 w-row"><div class="col-prod w-col w-col-3"><img src="https://cdn.prod.website-files.com/60914c777b5c064bd504092a/6093faf6b99cb91b22c5c06d_membership.svg" loading="lazy" alt="" class="product-icons"/></div><div class="nav-producttext w-col w-col-9"><h4 class="my-0 nolink small">Memberships</h4><p class="body grey small">Subscription management<br/></p></div></div></a></div><div class="nav-products-column nav-products-services w-col w-col-3"><h6 class="heading-6 grey underline pb-1">Services</h6><a href="/services/production-studio" class="nav-producttext mt-1 mb-2 w-inline-block"><h4 class="my-0 nolink small">Production Studio</h4><p class="body grey small">Custom live stream design, production & delivery<br/></p></a><a 
href="/services/bespoke" class="nav-producttext mt-1 w-inline-block"><h4 class="my-0 nolink small">Bespoke</h4><p class="body grey small">White-label platform customisations, design and development services<br/></p></a></div></div><div class="container-10 w-container"></div></nav></div></li><li class="product-dropdown"><a href="/sell-tickets" class="product-dropdown w-button">Tickets</a></li><li class="product-dropdown"><a href="/virtual-events" class="product-dropdown w-button">Virtual Events</a></li><li class="product-dropdown"><a href="/memberships" class="product-dropdown w-button">Memberships</a></li><li class="product-dropdown"><a href="/pricing" class="product-dropdown w-button">Pricing</a></li></ul></div><div class="nav-logowrapper"><a href="/" class="nav-logo w-inline-block w-clearfix"><img src="https://cdn.prod.website-files.com/60914c777b5c064bd504092a/6091549e693edd1bf31c7159_ec_logo_white_text.27b6e56ce65a.png" loading="lazy" alt="" class="image"/></a></div><div class="nav-ctawrapper"><ul role="list" class="list w-list-unstyled"><li class="list-item"><a href="https://manage.eventcube.io/account/login" class="btn-outline mr w-button">Log in</a></li><li class="list-item"><a id="nav-cta" href="/getting-started" class="btn-primary w-button">Get started</a></li></ul></div></header></div><div class="feature-01-intro pb-6"><div class="center-introtext w-container"><h6 class="center">Trust & Security</h6><h2 class="center">Vulnerability Disclosure Program</h2><p data-w-id="5cbacad3-b7f7-6226-3b22-b196581b8965" class="center"></p></div><div class="legal-container w-container"><p>At Eventcube, we understand the immense responsibility that comes with safeguarding the data entrusted to us by our valued customers. This responsibility is one that we approach with the utmost diligence and commitment. 
We deeply appreciate the invaluable efforts of security researchers and the broader security community in enhancing online security and privacy.<br/><br/>Eventcube's vulnerability disclosure program is a recognition and appreciation of security researchers who responsibly disclose vulnerabilities to us. This program outlines the conditions and processes we follow to manage disclosed vulnerabilities. Our aim is to instill confidence among both our customers and security researchers, ensuring that Eventcube, our customers, and their data remain secure.<br/><br/>Through transparent and collaborative efforts, we strive to create an environment where security researchers feel empowered to contribute their expertise, enabling us to continually strengthen our security posture and protect the sensitive information entrusted to us.</p><div class="w-richtext"><h3>Guidelines</h3><p>Eventcube requests that all researchers follow the guidelines below.</p><p><strong>Privacy first</strong></p><ul role="list"><li>Approach security assessments with discretion.</li><li>Prioritize safeguarding user data and experience.</li></ul><p><br/><strong>Non-disruptive</strong></p><ul role="list"><li>Tread carefully around production environments.</li><li>Data integrity is paramount; handle with care.</li></ul><p><br/><strong>Due diligence</strong></p><ul role="list"><li>Security testing demands good faith efforts.</li><li>Violating trust undermines the entire endeavor.<br/></li><li>Perform research only within the scope set out below.</li><li>Provide a detailed report through our direct security channel that includes: steps to replicate the issue (screenshots, videos, etc.), the location of the issue, the names of accounts you have created or used, and your contact details.</li><li>Wait for our consent before discussing a vulnerability.</li><li>Respectfully reach out to Eventcube.</li><li>Reduce overly broad use of automated scanning tools.</li></ul><p></p><h3><strong>Policies</strong></h3><p>Eventcube genuinely 
values the assistance of security researchers and others in the security community to help keep our systems secure. However, we insist that researchers follow the rules set out in this Responsible Disclosure Policy when reporting a security vulnerability to us.</p><ul role="list"><li>Eventcube will define the severity of the issue based on the impact and the ease of exploitation.</li><li>We will initiate necessary actions to fix the vulnerability in line with our commitment to security and privacy and notify you once we fix it.</li><li>When conducting security testing, please ensure that you do not violate any of our privacy policies, modify or delete unauthenticated user data, disrupt production servers, or degrade user experience in any way.</li><li>You must not exploit a security vulnerability that you discover for any reason.</li><li>Conduct research only within the scope set out in our guidelines.</li><li>Use the identified communication channel, i.e., security@eventcube.io, to report any vulnerability to us.</li><li>Documenting or publishing the vulnerability details in any public domain goes against our responsible disclosure policy.</li><li>Eventcube commits to publicly acknowledge and recognize your responsible disclosure on our Hall of Fame page.</li><li>Eventcube determines recognition in the Hall of Fame based on a variety of factors, including (but not limited to) impact, ease of exploitation, and quality of the report. Note that extremely low-risk vulnerabilities may not qualify for the Hall of Fame at all.</li><li>In the event of duplicate reports, we give recognition to the first person to submit a vulnerability. (Eventcube determines duplicates and may not share details on the other reports).</li></ul><p></p><h3><strong>In-Scope Targets</strong></h3><p><a href="https://www.eventcube.io/">www.eventcube.io</a><br/><a href="https://manage.eventcube.io/">manage.eventcube.io</a></p><p>Any other Eventcube sites that include a security.txt file (i.e. 
https://&lt;site&gt;/security.txt)</p><!-- NOTE(review): RFC 9116 defines /.well-known/security.txt as the canonical location and the top-level path only as a legacy fallback; confirm which location marks a site as in scope. --><p></p><h3>In-Scope Vulnerabilities:</h3><ul role="list"><li>SQL/XXE Injection and command injection</li><li>Server-side request forgery (SSRF)</li><li>Remote code execution (RCE)</li><li>Misconfiguration issues on servers and application</li><li>Cross-site request forgeries (CSRF)</li><li>Cross-Site Scripting (XSS)</li><li>Authentication and authorization-related issues</li></ul><p></p><h3><strong>Out-of-Scope Vulnerabilities:</strong></h3><ul role="list"><li>Social engineering (including phishing) of any Eventcube staff or contractors</li><li>Denial of Service, Distributed-DoS</li><li>X-Frame-Options related issues and missing cookie flags on non-sensitive cookies</li><li>Missing security headers that do not lead directly to a vulnerability</li><li>Version exposure (unless you deliver a PoC of a working exploit)</li><li>Directory listing with already publicly readable content</li><li>Information disclosure not associated with a vulnerability, e.g. stack traces, application or server errors, robots.txt, etc.</li><li>Use of known-vulnerable libraries without proof of exploitation such as OpenSSL</li><li>Log-in or forgotten password page brute forcing and account lockout not being enforced</li><li>Application denial of service by locking user accounts</li><li>Reports from automated scripts or scanners</li><li>Clickjacking and issues only exploitable through clickjacking</li><li>SSL issues such as BEAST, BREACH, renegotiation attack, forward secrecy not enabled, weak/insecure cipher suites, and missing best practices</li><li>HTTP TRACE or OPTIONS methods enabled</li><li>Open ports without an accompanying proof-of-concept demonstrating vulnerability</li><li>Reflected XSS (unless you deliver a PoC showing impact)</li><li>Formula Injection or CSV Injection</li><li>EXIF data not stripped on images</li><li>Rate limiting</li><li>Missing HTTP security headers and cookie flags on non-sensitive cookies</li><li>Email - issues related to 
SPF/DKIM/DMARC</li><li>User email enumeration</li></ul><p></p><p></p><h3><strong>Submissions we do not want to receive</strong></h3><p>In the unlikely scenario you discover any sensitive information we request that you either describe or redact the below information in your submission.</p><ul role="list"><li>Personally Identifiable Information</li><li>Cardholder data, that includes card details</li></ul><p></p><h3><strong>Rewards</strong></h3><p><strong>Critical Risk: $150 & Hall of Fame</strong><br/>Examples: <em>Remote code execution, unrestricted access to underlying file systems or databases, or vulnerabilities bypassing significant security controls.<br/><br/></em><strong><em></em>High Risk: $100 & Hall of Fame</strong><br/>Examples: <em>Stored XSS, IDOR, etc<br/><br/></em><strong><em></em>Medium to Low Risk</strong><br/>Hall of Fame</p><p></p><h3>Reporting Guidelines</h3><p>When you report a vulnerability to us, please provide the following details in the report:</p><ul role="list"><li>Description and potential impact of the vulnerability.</li><li>A detailed description of the steps required to reproduce the vulnerability.</li><li>Where available, a video recording.</li><li>Your preferred name/handle for recognition in our Security researcher hall of fame.</li></ul><p></p><h3>How to Report</h3><p>Please email <a href="mailto:security@eventcube.io">security@eventcube.io</a> if you have found any potential vulnerabilities in our product and infrastructure and our security team will acknowledge your submission within 7 days.</p><p></p></div></div></div><div class="section-wrapper hallf-of-fame-wrapper"><div class="box-shadow mt-5 hallfoffame"><div class="center-introtext w-container"><h6 class="center">Hall of fame</h6><h2 class="center">Our Hall of Fame recognises the efforts of researchers who have helped improve the security of Eventcube </h2><p data-w-id="5cbacad3-b7f7-6226-3b22-b196581b8965" class="center"> </p></div><div class="div-block"><a 
href="/hall-of-fame" class="btn-primary large w-button">View Hall of Fame</a></div></div></div><div class="footer"><div class="footer-wrap"><img src="https://cdn.prod.website-files.com/60914c777b5c064bd504092a/60955c6968e069f9b81e1572_eventcubelogo.svg" loading="lazy" alt="" class="image-4"/><div class="columns-4 w-row"><div class="footer-col w-col w-col-3 w-col-tiny-6"><h6 class="grey">eventcube</h6><a href="/pricing" class="link-wrap w-inline-block"><div class="footerlink">Pricing</div></a><a href="/customers/event-ticketing-customers" class="link-wrap w-inline-block"><div class="footerlink">Customers</div></a><a href="/about-us" class="link-wrap w-inline-block"><div class="footerlink">About us</div></a><a href="/getting-started" class="link-wrap w-inline-block"><div class="footerlink">Getting started</div></a><a href="/contact" class="link-wrap w-inline-block"><div class="footerlink">Contact</div></a></div><div class="footer-col w-col w-col-3 w-col-tiny-6"><h6 class="grey">Products</h6><a href="/sell-tickets" class="link-wrap w-inline-block"><div class="footerlink">Tickets</div></a><a href="/virtual-events" class="link-wrap w-inline-block"><div class="footerlink">Virtual Events</div></a><a href="/memberships" class="link-wrap w-inline-block"><div class="footerlink">Memberships</div></a></div><div class="footer-col w-col w-col-3 w-col-tiny-6"><h6 class="grey">Solutions</h6><a href="/virtual-events/features" class="link-wrap w-inline-block"><div class="footerlink">Host your event online</div></a><a href="/event-ticketing" class="link-wrap w-inline-block"><div class="footerlink">Self service event ticketing</div></a><a href="/virtual-events/live-stream-scheduling" class="link-wrap w-inline-block"><div class="footerlink">Live stream scheduling</div></a><a href="/virtual-events/hybrid-events-platform" class="link-wrap w-inline-block"><div class="footerlink">Host your hybrid event</div></a><a href="/virtual-events/virtual-conferencing" class="link-wrap 
w-inline-block"><div class="footerlink">Host your conference online</div></a><a href="/enterprise-events" class="link-wrap w-inline-block"><div class="footerlink">Enterprise events</div></a></div><div class="footer-col w-col w-col-3 w-col-tiny-6"><h6 class="grey">Community</h6><a href="/help-support" class="link-wrap w-inline-block"><div class="footerlink">Help & Support</div></a><a href="/blog" class="link-wrap w-inline-block"><div class="footerlink">Blog</div></a><a href="/work-with-us" class="link-wrap w-inline-block"><div class="footerlink">Work with us</div></a><a href="/write-for-us" class="link-wrap w-inline-block"><div class="footerlink">Write for us</div></a><a href="/trust-security" aria-current="page" class="link-wrap w-inline-block w--current"><div class="footerlink">Trust & Security</div></a><a href="/for-developers" class="link-wrap w-inline-block"><div class="footerlink">For Developers</div></a></div></div></div><div class="footer-bottom"><div class="footerlink grey small">© Eventcube. 
All rights reserved.<br/></div><div class="div-block-6"><a href="/legal/privacy-policy" class="link-wrap w-inline-block"><div class="footerlink grey small mr-1">Privacy Policy</div></a><a href="/legal/terms-conditions" class="link-wrap w-inline-block"><div class="footerlink grey small mr-1">Terms & Conditions</div></a><a href="/legal/cookie-policy" class="link-wrap w-inline-block"><div class="footerlink grey small mr-1">Cookie Policy</div></a></div></div></div><script src="https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=60914c777b5c064bd504092a" type="text/javascript" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script><script src="https://cdn.prod.website-files.com/60914c777b5c064bd504092a/js/webflow.02830ee9f.js" type="text/javascript"></script><script> window.intercomSettings = { app_id: "60gblyms", custom_launcher_selector: '.launchchat' }; (function(){var w=window;var ic=w.Intercom;if(typeof ic==="function"){ic('reattach_activator');ic('update',intercomSettings);}else{var d=document;var i=function(){i.c(arguments)};i.q=[];i.c=function(args){i.q.push(args)};w.Intercom=i;function l(){var s=d.createElement('script');s.type='text/javascript';s.async=true;s.src='https://widget.intercom.io/widget/60gblyms';var x=d.getElementsByTagName('script')[0];x.parentNode.insertBefore(s,x);}if(w.attachEvent){w.attachEvent('onload',l);}else{w.addEventListener('load',l,false);}}})() </script></body></html>