Responsible Vulnerability Disclosure Policy

Security is core to our values, and we value the input of hackers acting in good-faith to help us maintain a high standard for the security and privacy for our users.

Policy

Security is core to our values, and we value the input of hackers acting in good-faith to help us maintain a high standard for the security and privacy for our users. This includes encouraging responsible vulnerability research and disclosure. This policy sets out our definition of good-faith in the context of finding and reporting vulnerabilities, as well as what you can expect from us in return.

When working with us according to this policy, you can expect us to:

Scope

The following types of research are strictly prohibited:

Rewards

There is currently no reward plan in place, however we are currently in the process of scoping one.

Disclosure Policy

Discretionary Disclosure: The researcher or the program owner can request mutual permission to share details of the vulnerability after approval is explicitly received.

Ground Rules

To encourage vulnerability research and to avoid any confusion between legitimate research and malicious attack, we ask that you attempt, in good faith, to:

Safe Harbor

When conducting vulnerability research according to this policy, we consider this research conducted under this policy to be:

Official Communications Channels

Please send all communications to: security@whooshkaa.com

If you think you have found a vulnerability, please include the following details with your report and be as descriptive as possible: