Report Security Issue
Report Security problems
we’ll review all legitimate vulnerability reports and can do our utmost to quickly resolve the difficulty. Before you report,
please review this document, as well as bedrock, bounty program, reward tips, and what shouldn’t be rumored. shop
Basic Principle: Report Security Issue
If you accommodate the principles below once coverage a security issue to the vistoi store,
we’ll not initiate a legal proceeding or enforcement investigation against you in response to your report. we have a tendency to raise that:
1. You provide vistoi store security affordable time to review and repair a difficulty you report before creating public any data concerning the report or sharing such data with others. Report Security Issue
2. You don’t move with a private account (which includes modifying or accessing knowledge from the account) if the account owner has not consented to such actions.
3. You make a decent religious effort to avoid privacy violations and disruptions to others, as well as (but not restricted to) destruction of information and interruption or degradation of our services.
4. You do not exploit a security issue you discover for any reason. (This includes demonstrating further risk, like the tried compromise of sensitive company knowledge or looking for further problems.)
5. You do not violate the other applicable laws or rules. Report Security Issue
Bounty Program: Report Security Issue
We acknowledge and reward security researchers United Nations agency facilitates vistoi store security and keeps individuals safe by coverage vulnerabilities in our services.
financial bounties for such reports are entirely at vistoi store fashion discretion, supported risk, impact, and different factors. To doubtless qualify for a bounty, you initially ought to meet the subsequent requirements: Report Security Issue
1. Adhere to our bedrock (see above).
2. Report a security bug: that’s, determine a vulnerability in our services or infrastructure that creates a security or privacy risk.
(Note that vistoi store fashion ultimately determines the chance of difficulty, which several bugs aren’t security problems.)
3. Submit your report via our “security@vistoi.com” email. Please don’t contact staff.
4. If you unknowingly cause a privacy violation or disruption (such as accessing account knowledge, service configurations,
or different confidential information) whereas investigation is a difficult, make sure to disclose this in your report. Report Security Issue
5. We investigate and reply to all valid reports. thanks to the degree of reports we have a tendency to receive, though,
we have a tendency to prioritize evaluations supported by risk and different factors, and you should take it slow before you receive a reply.
6. We reserve the correct to publish reports.
Rewards
Our rewards have supported the impact of a vulnerability. we’ll update the program over time with supported feedback,
thus please provide vistoi store security feedback on any part of the program you think that we will improve on. Report Security Issue
1. Please offer elaborated reports with consistent steps. If the report isn’t elaborated enough to breed the difficulty, the difficulty won’t be eligible for bounty.
2. When duplicates occur, we have a tendency to award the primary report that we will fully reproduce.
3. Multiple vulnerabilities caused by one underlying issue are going to be awarded one bounty. Report Security Issue
4. We verify bounty reward supported a range of things, as well as (but not restricted to) impact, simple exploitation, and quality of the report.
we have a tendency to specifically note the bounty rewards, these are listed below.
5. Amounts below are the most we’ll pay per level. we have a tendency to aim to be truthful, all reward amounts are at our discretion. shop
Critical severity Vulnerabilities ($100): Vulnerabilities that cause a privilege step-up on the platform from unprivileged to admin, permit remote code execution, money thievery, etc. Examples:
Remote Code Execution
- Remote Shell/Command Execution
- Vertical Authentication bypass
- SQL Injection that leaks targeted knowledge