We believe ReportGarden’s products and services should be safe & secure for all our users. We treat security as our utmost priority and guide our decisions based on our Security and Privacy Principles. We take the security of our systems seriously, and we value the security community. Responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our users.

Reporting Security Vulnerabilities

If you have found a security vulnerability in ReportGarden’s products or services, we appreciate your help in responsibly disclosing the details to our team. Please email us at devops@reportgarden.com. To help us fix the issue faster, please use the following guidelines when sending your report:

  • Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible.
  • Description of the location and potential impact of the vulnerability
  • Steps required to reproduce the vulnerability (POC scripts, screenshots, and compressed screen captures)

We do our best to respond to your reports in a timely manner. We aim to respond within 3 business days, however some reports take longer than others to investigate. If you do not receive any response from us the issue may have already been reported or the description provided by isn’t understandable. Repeated emails will NOT result in a quicker response, and may bump your report to the end of the queue.

We request you to adhere to the principles of responsible disclosure which are, but not limited to

  • Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people’s data
  • Access and expose customer data that is your own.
  • Avoiding scanning techniques that are likely to cause degradation of service to other customers (e.g. by overloading the site).
  • Keep within the guidelines of our Terms Of Service.
  • Keep details of vulnerabilities secret until ReportGarden security team has been notified and had a reasonable amount of time to fix the vulnerability.

Refrain from Public Disclosure

Taking into consideration the safety of our customers/users please do not publish any security vulnerabilities. We expect to fix all security issues within 30 days from the date of the reported security issue. Once an issue has been fixed we will explicitly acknowledge this and at which time you are free to publish your work.

Thanks!

Thank you for your help with keeping ReportGarden’s products and services safe. We really appreciate it.

If you prefer to remain anonymous, we encourage you to use pseudonym when reporting.