We believe ReportGarden’s products and services should be safe & secure for all our users. We treat security as our utmost priority and guide our decisions based on our Security and Privacy Principles. We take the security of our systems seriously, and we value the security community. Responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our users.
Reporting Security Vulnerabilities
- Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible.
- Description of the location and potential impact of the vulnerability
- Steps required to reproduce the vulnerability (POC scripts, screenshots, and compressed screen captures)
- Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people’s data
- Access and expose customer data that is your own.
- Avoiding scanning techniques that are likely to cause degradation of service to other customers (e.g. by overloading the site).
- Keep within the guidelines of our Terms Of Service.
- Keep details of vulnerabilities secret until ReportGarden security team has been notified and had a reasonable amount of time to fix the vulnerability.
Refrain from Public Disclosure
Taking into consideration the safety of our customers/users please do not publish any security vulnerabilities. We expect to fix all security issues within 30 days from the date of the reported security issue. Once an issue has been fixed we will explicitly acknowledge this and at which time you are free to publish your work.
Thank you for your help with keeping ReportGarden’s products and services safe. We really appreciate it.
If you prefer to remain anonymous, we encourage you to use pseudonym when reporting.