Responsible Disclosure
Last updated: 7th January 2021
Reporting Guidelines
- Reach out to support@smartreach.io, if you have found any potential vulnerability in our products meeting all the below mentioned criteria. You can expect a confirmation from our security team in about 72 hours of submission.
- Please refrain from doing security testing in existing user accounts.
- When conducting security testing, make sure not to violate our privacy policies, modify/delete unauthenticated user data, disrupt production servers, or to degrade user experience.
- You’re allowed to disclose the discovered vulnerabilities only to support@smartreach.io.
- Documenting any potential In/Out of scope vulnerability to the public is against our responsible disclosure policy.
Qualifying Security Bugs
- All bugs that are reported are qualified based on its impact on customer’s production data.
- We will consider other security vulnerabilities if it is making an impact and exploitable with a working non-intrusive POC.
In Scope Domains
app.smartreach.io
Bugs Severity
SmartReach.io will define the severity of the issue based on the impact and the ease of exploit.
Response Time
| Response type | Time |
| Acknowledgement | Within 72 hours |
| Time taken to resolve | Based on the Severity |
Hall of Fame
We would like to thank the people listed here who have identified and responsibly disclosed security vulnerabilities with SmartReach.io .