Responsible Disclosure Policy
The security of our systems and the protection of user data are of great importance to us. Despite our efforts to keep our systems secure, there may be vulnerabilities present. If you have discovered a vulnerability, we would greatly appreciate it if you would share it with us so that we can take appropriate measures.
What we ask
In order to process your report in a responsible manner, we ask you to:
- Not use the vulnerability, for example by viewing, changing or deleting data.
- Not make the vulnerability public until it has been resolved by us.
- Provide sufficient details about the vulnerability so that we can reproduce and fix it.
- Not perform physical security, social engineering, denial-of-service or spam attacks.
What we promise
If you report a vulnerability in accordance with this policy, then:
- We will treat your report confidentially and will not share your personal data without permission.
- You will receive an acknowledgement of receipt of your report within three working days.
- We will inform you about the progress and results of your report.
- We will not take legal action against you if you act according to this policy.
- You may receive a non-monetary reward in the form of a bug bounty, depending on the severity of the vulnerability and the quality of the report.
Exceptions and points of attention
- This is not an invitation to scan our site in detail; that would be a nuisance to us and we will therefore actively prevent it.
- The rewards are not given for reports of problems on third-party sites and systems.
How can you make a report?
You can send your report to us at security@spielwork.com.