Last updated: 7th January 2021
- Reach out to firstname.lastname@example.org, if you have found any potential vulnerability in our products meeting all the below mentioned criteria. You can expect a confirmation from our security team in about 72 hours of submission.
- Please refrain from doing security testing in existing user accounts.
- When conducting security testing, make sure not to violate our privacy policies, modify/delete unauthenticated user data, disrupt production servers, or to degrade user experience.
- You’re allowed to disclose the discovered vulnerabilities only to email@example.com.
- Documenting any potential In/Out of scope vulnerability to the public is against our responsible disclosure policy.
Qualifying Security Bugs
- All bugs that are reported are qualified based on its impact on customer’s production data.
- We will consider other security vulnerabilities if it is making an impact and exploitable with a working non-intrusive POC.
In Scope Domains
SmartReach.io will define the severity of the issue based on the impact and the ease of exploit.
|Acknowledgement||Within 72 hours|
|Time taken to resolve||Based on the Severity|
Hall of Fame
We would like to thank the people listed here who have identified and responsibly disclosed security vulnerabilities with SmartReach.io .