Magic Feedback Responsible Disclosure Policy
At Magic Feedback, we value the security of our systems and the privacy of our users. We are committed to working with the security community to identify and resolve security vulnerabilities. This Responsible Disclosure Policy outlines our expectations and guidelines for security researchers who wish to report vulnerabilities to us.
Guidelines
To ensure that our Responsible Disclosure Policy is followed, please adhere to the following guidelines:
- Avoid Disruption:
  - Do not engage in any activity that could disrupt or damage our services, systems, or data.
  - Refrain from testing vulnerabilities in a manner that could cause harm to our users or infrastructure.
- Respect Privacy:
  - Do not access, modify, or delete any data that does not belong to you.
  - Avoid any actions that could compromise the privacy of our users.
- Limited Testing:
  - Only test vulnerabilities in environments specifically designated for testing (e.g., staging or test environments).
  - Do not use automated tools that generate significant traffic or could cause system degradation.
- Responsible Disclosure:
  - Report vulnerabilities to us in a responsible manner, providing detailed information and steps to reproduce the issue.
  - Allow us a reasonable amount of time to resolve the issue before making any information about the vulnerability public.
- No Malicious Activity:
  - Do not engage in any activities that would be deemed illegal or unethical, such as social engineering, phishing, or physical attacks.
- Non-Exploitation:
  - Do not exploit any vulnerabilities beyond the extent necessary to demonstrate their existence.
  - Do not share details of the vulnerability with others until it has been resolved.
Reporting a Vulnerability
When you identify a potential security vulnerability, please follow these steps to report it to us:
- Detailed Report: Provide a detailed report that includes:
  - A description of the vulnerability.
  - Steps to reproduce the issue.
  - The potential impact of the vulnerability.
  - Any supporting evidence (e.g., screenshots, logs, etc.).
- Submission: Send your report to info@magicfeedback.io with the subject line “Responsible Disclosure Submission”.
- Await Confirmation: We will acknowledge receipt of your report within 48 hours. Our security team will investigate the issue and provide regular updates on the status of our investigation and resolution efforts.
Our Commitment
To encourage responsible disclosure, we commit to:
- Prompt Acknowledgment: Acknowledge receipt of your vulnerability report within 48 hours.
- Timely Updates: Provide regular updates on the progress of our investigation and resolution efforts.
- Recognition: Offer public recognition to researchers who help us identify and resolve security vulnerabilities, if desired.
- No Legal Action: Refrain from pursuing legal action against researchers who comply with this Responsible Disclosure Policy.
Legal
This Responsible Disclosure Policy is not an invitation to actively scan or test our systems without permission. By submitting a vulnerability report to us, you agree to comply with this policy and all applicable laws. Any activities conducted in a manner inconsistent with this policy or applicable laws may result in legal action.
Thank you for helping us keep Magic Feedback secure!