Responsible Disclosure

Welcome to JUMO’s Responsible Disclosure Policy

We encourage the global security community to support us in building a resilient, trustworthy technology stack. We ask that anyone looking for anomalies or vulnerabilities in our services follow the principles outlined below. Please note that there is no monetary reward for disclosures.

Guidelines for Responsible Disclosure

We ask that all tinkerers:

  • Avoid degrading the experience of our users, or disrupting any of our production systems.
  • Avoid disclosing, tampering with, or destroying any data.
  • Keep information about the vulnerability you have discovered confidential until we have had enough time to remediate it.
  • Not use social engineering, physical attacks, or DDoS to probe our systems or people.
  • Send us your findings as soon as you can to responsibledisclosure@jumo.world.
  • Share detailed information with us; this helps us to confirm your finding and get working on a fix as fast as possible.
  • Avoid breaking any applicable laws.

We will strive to:

  • Respond to you within five business days, with our evaluation of your finding.
  • Handle your report and personal information confidentially, and not share them with any third parties without your permission.
  • State your name as the discoverer in communication about the reported vulnerability, if you would like that.
  • Not pursue or support any legal action related to your disclosure.

Please do not disclose:

  • Denial of service attacks (DDoS)
  • Findings from an automated scanner such as Nessus
  • Username enumeration on the CMS
  • XMLRPC (mitigations are in place)

 

Hall of Fame

A special thank you to those who have helped us so far:

Gul Hameed

no link supplied

Sujan Thapa Magar

eminenceways.com

Virendra Yadav

linkedin.com/in/virendra-yadav-9232b115a

Sagar Aswani

linkedin.com/in/sagar-aswani-6b9816125/

Ajit Sharma

linkedin.com/in/ajit-sharma-90483655

Robert Aaron

linkedin.com/in/robert-aaron-14735b188

Ahmed Tuhin

twitter.com/kiirapooki1

Akhil Sabu

linkedin.com/in/akhil-sabu-a2136497

Dhanumaalaian

linkedin.com/in/dhanumaalaian-r-b34338189

Ajaysen

no link supplied

Sunil Kande

twitter.com/Sunilkande1137

Daksh Khurana

twitter.com/india_khurana

Steven Julian

linkedin.com/in/steven-julian22

Mayur Parmar

linkedin.com/in/th3cyb3rc0p

Nishant Lungare

linkedin.com/in/nishant-lungare-28b841157

Mohamed Saqib

linkedin.com/in/mohamed-saqib

Pritam Mukherjee

linkedin.com/in/pritam-mukherjee-urvil-b75ab9b9

Ronit Bhatt

linkedin.com/in/ronit-bhatt-653a7115b

Vismit Rakhecha

linkedin.com/in/vismit-sudhir-rakhecha-76209523

Manas Harsh

@manas_hunter

Pranshu Tiwari

linkedin.com/in/pranshu-tiwari-b5759b158
