Category

How to report security vulnerabilities?

Sociabatt ( Beta phase ) is committed to developing products and services that adhere to the highest security standards in order to protect our users and their data.We welcome reports from security researchers and experts about possible security vulnerabilities with our service. We are particularly interested in hearing about vulnerabilities that impact the confidentiality or integrity of user information or systems, and have the potential to impact a large number of people.If you believe you have discovered a possible vulnerability in the our services, please file a report with our security team including information and detailed instructions about how to reproduce the issue.

You can file your report by sending an email to [email protected].

Note: If you are researching security issues, please test against accounts you control, and use a Sociabatt account with protected battles to avoid disclosing details about the issue publicly.

 

Guidelines:

  • You do no harm and do not exploit any vulnerability beyond the minimal amount of testing required to prove that a vulnerability exists or to identify an indicator related to a vulnerability.
  • You avoid intentionally accessing the content of any communications, data, or information transiting or stored on Sociabatt information system(s), servers or datacenter, except to the extent that the information is directly related to a vulnerability and the access is necessary to prove that the vulnerability exists.
  • You do not expose any data under any circumstances.
  • You do not intentionally compromise the privacy of any of our users, or any third parties.
  • You do not intentionally compromise the intellectual property or other commercial or financial interests of any Scoiabatt personnel or entities, or any third parties.
  • You do not publicly disclose any details of the vulnerability, indicator of vulnerability, or the content of information about the vulnerability
  • You do not conduct social engineering, including any kind of phishing.
  • If at any point you are uncertain whether to continue testing, please engage with our team.