Safehats researchers need to be responsible, professional, and leaders of the global hacker community. They respect the rules, maintain privacy, are patient, and behave responsibly.
Respect is a mutual affair. We also assure mutual respect from security teams in acknowledging your bug report, suitably rewarding you, and not taking any unreasonable actions.
Let’s have a fair play and enjoy the game.
Dos and Don’ts for Responsible Disclosure
We believe effective disclosure requires mutual respect and transparency between researchers and our security team.
- We request that you not publicly disclose a bug before it has been fixed. We will confirm receipt within 72 working hours of submission.
- Keep the information about any vulnerability you’ve discovered confidential between us until we have resolved the problem. Please allow us 3 to 10 days, depending on the severity of the issue, to resolve the vulnerability.
- Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing.
- Please be respectful of our existing applications; we request that you not run test cases that might disrupt our services.
- Please do not access another user’s account or data without permission.
- Use only test accounts to produce a vulnerability, and do not make attempts on live accounts.
- Submit a bug only if you have exploited a real vulnerability (refer to Scope Exclusion below).
- Do not use scanners or automated tools to find vulnerabilities. They’re noisy and might result in suspension of your user account or IP address.
- We also request that you not attempt attacks such as social engineering or phishing. These kinds of bugs will not be considered valid and, if caught, might result in suspension of your account.
- The vulnerability/bug must be original and previously unreported. The first reporter will receive the benefit of the program.
- Any improper public disclosure or misuse of information will entitle us to take appropriate legal action.
- Perform the research as per the scope given below.
- If you have any doubts, check the FAQ or email us at email@example.com.