Welcome to JUMO’s Responsible Disclosure Policy
We encourage the global security community to support us in building a resilient, trustworthy technology stack. We ask that anyone looking for anomalies or vulnerabilities in our services follow the principles as outlined below. Please note that there is no monetary reward for disclosures.
Guidelines for Responsible Disclosure
We ask that all tinkerers:
- Avoid degrading the experience of our users, or disrupting any of our production systems.
- Avoid disclosing, tampering with, or destroying any data.
- Keep information about the vulnerability you have discovered confidential until we have had enough time to remediate it.
- Not use social engineering, physical attacks, or DDoS to probe our systems or people.
- Send us your findings as soon as you can to firstname.lastname@example.org.
- Share detailed information with us; this helps us to confirm your finding and get working on a fix as fast as possible.
- Avoid breaking any applicable laws.
We will strive to:
- Respond to you within five business days, with our evaluation of your finding.
- Handle your report and personal information confidentially, and not share them with any third parties without your permission.
- State your name as the discoverer in communication about the reported vulnerability, if you would like that.
- Not pursue or support any legal action related to your disclosure.
Please do not disclose:
- Denial of service attacks (DDoS)
- Findings from an automated scanner such as Nessus
- Username enumeration on the CMS
- XMLRPC (mitigations are in place)
Hall of Fame
A special thank you to those who have helped us so far:
Sujan Thapa Magar