Introduction
Welcome to Hyperfox's Responsible Disclosure Programme. At Hyperfox, we deeply value the contributions of security researchers and our community in enhancing the security of our systems and safeguarding user data. Your efforts in responsibly reporting vulnerabilities are vital to maintaining the safety and integrity of our services.
Responsible Reporting Guidelines
We encourage the discovery and reporting of security issues in a responsible manner. To help us effectively assess and address reported vulnerabilities, please adhere to the following guidelines:
Email submissions
Please send your detailed findings to hello@hyperfox.com. For secure communication, we encourage the use of encrypted email. Our PGP key is available upon request.
Information to include
Provide a clear description of the issue, including steps to reproduce the vulnerability, the potential impact, and any technical details that would assist in our evaluation.
Scope of testing
Your testing should avoid: attacks on physical security, social engineering tactics, distributed denial of service (DDoS) attacks, spamming, and exploiting third-party applications or services.
Our commitments
Upon receiving your report, we commit to the following:
Quick response
We aim to acknowledge receipt of your report within 48 hours and provide an initial assessment of the issue.
Confidentiality
We will maintain the confidentiality of your report and protect your identity, disclosing personal information only with your permission or when legally obligated.
Acknowledgment
Every researcher contributing to our programme will be recognized for their efforts. Significant contributions may be eligible for public acknowledgment in our Security Hall of Fame.
Expectations from researchers
Participants in Hyperfox's Responsible Disclosure Programme are expected to:
Respect the law
Ensure all activities are conducted lawfully and with respect for the privacy of others.
Avoid misuse
Refrain from using the discovered vulnerability to access, modify, delete, or compromise data and systems.
Collaborative resolution
Engage with us to securely resolve the vulnerability, keeping communication confidential until a fix is deployed.
Scope
This programme covers all Hyperfox systems and services. We specifically invite research on our web platforms and APIs but exclude third-party applications and services.
Acknowledgments and rewards
While we primarily offer acknowledgment for contributions, exceptional reports that lead to significant improvements may be eligible for rewards. The criteria for rewards include the severity of the vulnerability and the quality of the report. Details on our rewards programme are available upon request.
Legal protection
We assure researchers acting in good faith and adhering to our guidelines that Hyperfox will not pursue legal action against them. We expect researchers to refrain from public disclosure of vulnerabilities before a mutual agreement on the disclosure timeline is reached.
Updates to the policy
Hyperfox reserves the right to update this policy periodically. We encourage researchers to review the policy regularly for any changes.
Contact us
For further inquiries or suggestions regarding our Responsible Disclosure Programme, please contact us at hello@hyperfox.com.
Thank you for your support and contribution to Hyperfox's security. Together, we are building a safer digital environment for everyone.