Revision History
Starbucks.com - Starbucks Bug Bounty Program
Show other documents from Starbucks.com
Version Comments
A new version has been published.
Many new changes have been added throughout. Please revise.
"Must be 18 or older to be eligible for an award" has been added under the section entitled "Legal".
This document has been completely rewritten and is now called the "Starbucks Bug Bounty Program" (previously "Information Security at Starbucks").
This is the initial version that ParanoidPaul captured. It is not necessarily the first version of the document.
Last Updated February 24 2014.

	Starbucks is committed to protecting our customers' personal information. We adhere to industry-leading standards to manage our network, secure our web and mobile applications, and set security policies across our organization. We treat the security and safety of our customers' personal information with utmost importance. 

	For the protection of our customers, Starbucks does not disclose, discuss or confirm security matters until comprehensively investigating, diagnosing and fixing any known issues. 

	If you have any questions about Starbucks' information security policies and practices, please email us at InformationSecurityServices@starbucks.com. 

HOW STARBUCKS WORKS WITH THE SECURITY RESEARCH COMMUNITY

	Starbucks recognizes the important contributions that the security research community can make. We welcome responsible and immediate reporting of potential security issues with our websites, online services, or mobile applications. If you are a member of the research community and would like to report an issue, please see the below guidelines:  

 	 Communicate to the Starbucks Information Security team (InformationSecurityServices@starbucks.com) the full details of any issue found.
 	 We ask that you do not disclose the issue to others until we've had reasonable time to address it.
 	 Please do not intentionally harm the experience or usefulness of the service to others.
 	 Do not attempt to view, modify, or damage data belonging to others.
 	 We will make every attempt to respond in a timely manner with acknowledgement of the potential security issue, an estimated timeframe for fixing the issue, and notification that the issue has been fixed.

	If you believe you have discovered an issue, please contact us at InformationSecurityServices@starbucks.com.

If you'd like to be notified when Starbucks.com makes updates to documents like this, choose which ones you'd like to subscribe to today (it's free!).