Responsible Disclosure

Welcome to JUMO’s Responsible Disclosure Policy

We encourage the global security community to support us in building a resilient, trustworthy technology stack. We ask that anyone looking for anomalies or vulnerabilities in our services follow the principles as outlined below.

Guidelines for Responsible Disclosure

We ask that all tinkerers:

  • Avoid degrading the experience of our users, or disrupting any of our production systems.
  • Avoid disclosing, tampering with, or destroying any data.
  • Keep information about the vulnerability you have discovered confidential until we have had enough time to remediate it.
  • Not use social engineering, physical attacks, or DDoS to probe our systems, or people.
  • Send us your findings as soon as you can to responsibledisclosure@jumo.world.
  • Share detailed information with us, this helps us to confirm your finding and get working on a fix as fast as possible.
  • Avoid breaking any applicable laws.

We will strive to:

  • Respond to you within five business days, with our evaluation of your finding.
  • Handle your report, and personal information confidentially and not share it with any third parties without your permission.
  • In communication about the reported vulnerability we can state your name as the discoverer if you would like that.
  • Not pursue or support any legal action related to your disclosure.