Skip to content

Latest commit

 

History

History
20 lines (13 loc) · 2.84 KB

SECURITY.md

File metadata and controls

20 lines (13 loc) · 2.84 KB

Security Policy

Reporting a Vulnerability

If you discover a potential vulnerability in any of the web properties managed by Beck & Stone, please send an email to security@beckandstone.com.

All reported security vulnerabilities will be promptly addressed.

Scope

Beck & Stone recognizes the value external security researchers can bring to the security of our websites and the websites of our clients, and we welcome eligible contributions from security researchers, as outlined below. If you believe you have found a security vulnerability on our website (or a website that we manage), we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem. Before reporting, though, please review this page, including our responsible disclosure policy.

Responsible Research and Disclosure Policy

For you to participate in the program, we require that:

  • You do not interact with accounts (which includes modifying or accessing data from the accounts) without the account owner's explicit consent in writing, which you must produce upon request.
  • You make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) unauthorized access to or destruction of data, and interruption or degradation of our services. You must not intentionally violate any applicable laws or regulations, including (but not limited to) laws and regulations prohibiting the unauthorized access to data.
  • If you inadvertently access another person's data or company data without authorization while investigating an issue, you must promptly cease any activity that might result in further access of user or company data and notify us what information was accessed (including a full description of the contents of the information) and then immediately delete the information from your system. Continuing to access another person's data or company data may demonstrate a lack of good faith and disqualify you from any benefit of the Safe Harbor Provisions described below. You must also acknowledge the inadvertent access in any related bug bounty report you may subsequently submit. You may not share the inadvertently accessed information with anyone else.
  • You do not exploit a security issue you discover for any reason other than for testing purposes, and you do not conduct testing outside of your own account, a test account, or another account for which you have the explicit written consent of the account owner to test. (This includes demonstrating additional risk, such as the risk that the security issue could be used to compromise sensitive company data or another user's account.)
  • You give us reasonable time to investigate and mitigate an issue you report before publicly disclosing any information about the report or sharing such information with others.