Ladder Responsible Disclosure Policy

Overview

Security is a top priority at Ladder, and keeping our users' data safe is a core company value. While we strive for perfection, we recognize that working with skilled security researchers worldwide is essential to identifying and resolving vulnerabilities. This policy defines how to report vulnerabilities and how Ladder evaluates and remediates findings.

Reporting a Vulnerability

If you believe you have found a security issue in our products or services, please notify us at security@ladderlife.com. To help us triage your report quickly, please include:
  • A clear description of the issue and its potential impact.
  • The affected system, URL, or endpoint.
  • Step-by-step reproduction instructions.
  • Supporting evidence such as logs, screenshots, or code snippets.
  • For web requests, please add the header X-Ladder-Researcher: [your_name/email] to help us identify your testing traffic.

Scope

This policy applies to systems owned or operated by Ladder, including public web applications and APIs. Exclusions: This policy does not apply to third-party services not controlled by Ladder, denial of service (DoS) testing, social engineering, physical security testing, or any activity that degrades service availability.

Rules of Engagement

To qualify for "Safe Harbor," we ask that you conduct your research in good faith:
  • Do no harm: Use non-destructive testing and only interact with accounts you own.
  • Stop immediately: If you confirm a vulnerability or encounter sensitive data, stop testing and report it without delay. Do not retain, modify, or exfiltrate any data.
  • No Automated Scans: Please refrain from automated scanning without prior coordination so we can distinguish your traffic from legitimate threats.
  • Confidentiality: Do not publicly disclose the vulnerability until Ladder confirms remediation or 90 days have passed since our acknowledgment.

Safe Harbor

Ladder will not pursue legal action against researchers who follow this policy, act in good faith, and avoid harm to our systems, data, or users. Activity outside these guidelines may result in legal action.

Response & Rewards

We aim to be a responsive partner in your research:
  • Acknowledgement: We will acknowledge receipt of your report within 48 hours.
  • Triage: We perform initial triage within 3 to 5 business days.
  • Remediation: We prioritize fixes based on risk (CVSS), targeting 7 days for Critical and 30 days for High-severity issues.
Recognition and Rewards: While Ladder does not operate a formal, guaranteed bug bounty program, we may provide rewards at our discretion for high-quality, impactful reports. Each report and corresponding reward is considered on a case-by-case basis. Typical rewards are based on the assessed severity of the reported vulnerability.
Learn
Start an applicationLife insurance guideInsurance calculatorFAQs
About
About usContact usCareersBlogClaims
More
Sign inLadder APILadder for advisorsLadder for affiliatesLadder for agentsLadder @ Work
Follow
Terms  |  Licenses  |  Privacy  |  CA Privacy Notice  |  Your Privacy Choices  |  AccessibilityLadder Insurance Services, LLC (CA license 0K22568; AR license 3000140372) offers term life insurance policies: (i) in New York, on behalf of Wysh Life and Health Insurance Company, 720 E. Wisconsin Ave. Milwaukee, WI 53202 (policy form number SL.TERM.NY(06.2022)); (ii) in the District of Columbia and all states except New York on behalf of Amica Life Insurance Company, Lincoln, RI (policy form number ICC23P-AM100 and P-AM100); (iii) Fidelity Security Life Insurance Company®, Kansas City, MO in the District of Columbia and all states except New York (policy form number ICC23-M-1069 and M-1069, varies by state); and (iv) in the District of Columbia and all states except Connecticut and New York on behalf of S.USA Life Insurance Company, INC., Roanoke, VA (policy form number ICC23P-PL100 and P-PL100), a Prosperity Life Group company. Insurance policy prices, coverages, features, terms, benefits, exclusions, limitations and available discounts vary among these insurers and are subject to qualifications. Each insurer is solely responsible for any claims and has financial responsibility for its own products. Some prices start at $5/month based on a 20-year-old female rated Preferred-Plus for a $100K policy for a 10-year term. Individual rates will vary as specific circumstances will affect each customer’s rate. Rate valid as of 10/29/25.
Ladder - Among the Best No-Exam Life Insurance, Forbes Advisor, Best of 2024Ladder - Best Same-Day Term Life Insurance, Nerdwallet, Best of 2023©2017-2023 and TM, NerdWallet, Inc. All Rights Reserved.
2026 © LADDER FINANCIAL INC. All rights reserved.
We use cookies, APIs, and other similar technologies to understand and analyze your interactions with our site. By using our site, you consent to the use of these technologies as described in our Privacy Policy.