Responsible Disclosure Policy

At Vizhil.com, we take the security of our systems and customer data seriously. We recognize the valuable role that security researchers and individuals in the broader community play in helping us identify and address potential vulnerabilities. Our Responsible Disclosure Policy outlines the guidelines and procedures for reporting security vulnerabilities to us in a responsible manner.

Guidelines for Responsible Disclosure:

  • Scope

    We encourage the responsible disclosure of any security vulnerabilities that could compromise the confidentiality, integrity, or availability of our systems or customer information. This includes, but is not limited to, vulnerabilities such as:

    • Cross-Site Scripting (XSS)
    • Cross-Site Request Forgery (CSRF)
    • Server-Side Request Forgery (SSRF)
    • SQL Injection (SQLi)
    • Authentication Bypass
    • Remote Code Execution (RCE)
    • Information Disclosure
  • Reporting Process

    To report a security vulnerability, please send an email to [Security Email Address] with a detailed description of the vulnerability, including steps to reproduce, any proof-of-concept code or screenshots, and any additional information that may be relevant.

    We encourage researchers to encrypt sensitive information using our PGP public key, which can be obtained upon request.

    We commit to acknowledging receipt of your report within [specified timeframe] and to providing regular updates on the status of our investigation and resolution efforts.

    We ask that you refrain from disclosing details of the vulnerability to the public or third parties until we have had an opportunity to assess and address the issue.

  • Protection of Researchers

    We will not take legal action against security researchers who act in good faith and adhere to the guidelines outlined in this policy.

    We respect the confidentiality and anonymity of security researchers who report vulnerabilities to us. If requested, we will work with researchers to provide credit for their findings in accordance with their preferences.

  • Responsible Disclosure Principles

    Researchers must refrain from any actions that could cause harm to Vizhil.com, its users, or its systems during their investigation.

    Researchers must comply with all applicable laws and regulations and respect the privacy of our users and their data.

    Researchers should not exploit or attempt to exploit identified vulnerabilities for any purpose other than to demonstrate the existence of the vulnerability and assist us in mitigating the risk.

  • No Bounty Program

    While we greatly appreciate the efforts of security researchers in helping us maintain the security of our systems, we do not currently offer financial rewards or bounties for vulnerability disclosures.

  • Contact Information

    Security Email Address: [email protected]

    PGP Public Key: Available upon request

  • By submitting a vulnerability report to Vizhil.com, you acknowledge that you have read, understood, and agree to abide by the guidelines outlined in this Responsible Disclosure Policy.
  • Last Updated: 01.02.2024