LaLiga LaLiga Institutional
LaLiga with sport
LaLiga Group International, S.L. (hereinafter "LaLiga") is committed to information security of its products and services and, thus, it is top priority.
Likewise, LaLiga respects and appreciates cybersecurity researchers and ethical hackers who cooperate to notify security vulnerabilities responsibly so as to fix them diligently.
For these reasons, LaLiga supports people who discover and report security vulnerabilities through the current Vulnerability Disclosure Policy (hereinafter, the "Policy").
This document defines the scope, terms and conditions, and the procedure to report vulnerabilities for outsiders.
The Policy scope includes LaLiga web and mobile apps which link with it.
However, any software component, library, or software development kit (SDK) external to LaLiga is considered deliberately out of scope, despite the fact it is built in.
According to the European Union Agency for Cybersecurity (ENISA), the Policy defines a vulnerability as a weakness or a design or implementation error that can lead to an event that compromises the security of a device, operating system, network, programme or a protocol involved in any of the above.
Considering the above, LaLiga commit to:
Similarly, cybersecurity researchers or ethical hackers must comply with:
In case a cybersecurity researcher or ethical hacker discover a security vulnerability within the Policy scope, it could be notified LaLiga (in English or Spanish) at the email address cvd[@]laliga[.]es, providing the following information:
In addition, security vulnerabilities could be reported to the reference security incident response center for citizens and private law entities in Spain (INCIBE-CERT), according to its vulnerability disclosure policy.