We appreciate that you have taken your time to report any vulnerabilities that you have found which may cause ACCA to be at risk. We endeavor to review and apply appropriate fixes to the vulnerabilities found.

ACCA is a non-profit organization and we currently have no bug bounty program set up nor do we offer any monetary reward. We kindly ask that you do not publicly publish any of your findings to either a personal blog or register. ACCA endeavors to acknowledge your findings and thank you for your time and effort.

If you believe you’ve found a security vulnerability in one of ACCA’s products or platforms, please send it to ACCA by emailing Vulnerability.Report@accaglobal.com.

Please include the following details with your report:

  1. Description of the location and potential impact of the vulnerability
  2. A detailed description of the steps required to reproduce the vulnerability (POC scripts, screenshots, and compressed screen captures are all helpful to ACCA)

ACCA will not accept the following:

  1. Privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing.
  2. Information that is already publicly available.