Welcome to JUMO’s Responsible Disclosure Policy
We encourage the global security community to support us in building a resilient, trustworthy technology stack. We ask that anyone looking for anomalies or vulnerabilities in our services follow the principles as outlined below.
Guidelines for Responsible Disclosure
We ask that all tinkerers:
- Avoid degrading the experience of our users, or disrupting any of our production systems.
- Avoid disclosing, tampering with, or destroying any data.
- Keep information about the vulnerability you have discovered confidential until we have had enough time to remediate it.
- Not use social engineering, physical attacks, or DDoS to probe our systems, or people.
- Send us your findings as soon as you can to firstname.lastname@example.org.
- Share detailed information with us, this helps us to confirm your finding and get working on a fix as fast as possible.
- Avoid breaking any applicable laws.
We will strive to:
- Respond to you within five business days, with our evaluation of your finding.
- Handle your report, and personal information confidentially and not share it with any third parties without your permission.
- In communication about the reported vulnerability we can state your name as the discoverer if you would like that.
- Not pursue or support any legal action related to your disclosure.