Custellence | Responsible Disclosure Policy
Version 1 – valid as of 24th of January 2022
We at Custellence take the security of our users’ data and our systems very seriously and always encourage our users and ethical hackers to report any found vulnerabilities to us.
In the case you want to report such a finding you may send in a report to us at email@example.com
The report should include: steps of reproduction, proof of concept and suggested mitigation.
After you have sent in your findings we will get back to you as soon as possible and report any updates directly to you.
To acknowledge the first person who alerts us with a security issue, previously unknown to us, we show our appreciation by offering to include you in the Hall of Fame.
If you wish to be included in the Hall of Fame please provide us with your name or alias and social media link (twitter, linkedin) which you want to be publicized.
Domains in scope is custellence.com and any subdomains except for: help.custellence.com
Social engineering and Denial of Service attacks, or any form of attack that could cause interruptions for other users, are not allowed to be performed against Custellence or any of its employees.
When you have found a bug you should immediately report it and not exploit it further.
You may not perform any attacks that could cause any harm to Custellence or its users or access any data you do not own yourself.
You may not publicly disclose the reported findings until a fix has been released.
Hall of Fame
Custellence is yet more secure for our customers thanks to the following people helping in reporting security issues to us following our disclosure guidelines above. We are very grateful for their assistance.
- Kunal Mhaske, LinkedIn profile