NEW BALANCE'S RESPONSIBLE DISCLOSURE PROGRAM

Effective Date: August 23, 2024

Introduction

New Balance Athletics, Inc. and our global affiliates (“New Balance”) is committed to the security of our online platform and services. We appreciate the hard work the security research community puts into helping companies like New Balance identify risks in our platform and services. If you're a security researcher and have discovered security-related risks in our platform or services, we encourage you to submit your findings responsibly.

We will validate and fix security risks as soon as possible. We will not take legal action against and/or suspend/terminate accounts of security researchers who discover and report risks responsibly in accordance with the terms of this program. New Balance may modify the terms of this Responsible Disclosure Program at any time by posting an updated version here.

This is not a Bug Bounty Program, and we make no promise of compensation for any findings; however, at New Balance’s sole discretion, you may be eligible for compensation based on the severity and impact of the finding. Employees and vendors of New Balance, and residents of countries on the U.S. sanctions list, are not eligible for compensation.

Reporting

Please use the form below to submit all security-related findings in English. New Balance will review your findings to determine if they are valid and/or previously reported. New Balance may reach out to you using the contact information you provide in order to request more information; if you fail to respond, your submission may be closed. Submissions missing required steps and documentation will not be accepted.

Scope:

http[s]://*.newbalance.com

Excludes Family Brands: Warrior, Brine and Team Sports.

Noncompliance

Public disclosure of the submission details of any identified or alleged vulnerability without express written consent from New Balance will result in immediate dismissal from this Responsible Disclosure Program. Such disclosure may also violate applicable law(s) and New Balance reserves all rights to seek legal action.

In addition, to remain compliant under this Responsible Disclosure Program, you are prohibited from:

  • Accessing, downloading, and/or modifying data residing in an account that does not belong to you.
  • Executing or attempting to execute any “Denial of Service” attack.
  • Posting, transmitting, uploading, linking to, sending, and/or storing any malicious software.
  • Testing in a manner that would result in the sending of unsolicited or unauthorized junk mail, spam, pyramid schemes, and/or other forms of unsolicited messages.
  • Testing in a manner that would degrade the operation of any New Balance system.
  • Testing third-party applications, websites, and/or services that integrate with or link to New Balance systems.