Scarlett’s Web, Inc. is committed to ensuring the security of our online platform, scarletts-web.com. We value the contributions of security researchers and the wider community in helping us maintain the highest security standards. This Security Vulnerability Disclosure Program (VDP) outlines the guidelines for reporting security vulnerabilities discovered in our online services and web applications.
Reporting a Vulnerability
If you discover a security vulnerability on scarletts-web.com, we encourage you to follow these steps to report it:
1. Review our scope: Before you begin, please review the scope of our VDP. Only vulnerabilities found within the defined scope will be eligible for rewards and recognition. The scope can be found on our website [here](link-to-scope).
2. Prepare your report: Create a detailed report of the vulnerability. Include all necessary information to help us understand and replicate the issue. A well-prepared report increases the likelihood of a swift resolution.
3. Submit your report: Email your vulnerability report to [firstname.lastname@example.org](mailto:email@example.com) with the subject line: “Security Vulnerability Report – [Brief Description]”. Attach your report as a text file or provide it directly in the email body. If applicable, you can also attach any supporting files or proof-of-concept code.
4. Wait for acknowledgment: You will receive an acknowledgment of your report within 48 hours, confirming that we have received your submission and are reviewing it.
5. Assessment and verification: Our security team will evaluate the vulnerability to determine its severity and validity. We may contact you for additional information or clarification if needed.
6. Resolution: Once the vulnerability is verified, our team will work to address it. We will keep you informed about our progress and, if desired, you can be included in the resolution process.
7. Recognition and rewards: If the vulnerability is confirmed and successfully resolved, you may be eligible for recognition and rewards based on the severity and impact of the vulnerability. Further details on our recognition and rewards program can be found here.
Guidelines for Reporting
To help us maintain a productive and efficient disclosure process, please follow these guidelines when reporting vulnerabilities:
– Provide detailed information: Include clear and concise information about the vulnerability, its impact, and how it can be exploited. This helps us understand the issue better.
– Responsible disclosure: Do not attempt to exploit the vulnerability beyond what is necessary for your report. Respect user privacy, and do not access, modify, or delete data that doesn’t belong to you.
– Confidentiality: Please keep the vulnerability and any related information confidential until we have addressed the issue.
– Scope limitations: Report only security vulnerabilities that fall within the defined scope of our program. Reports on vulnerabilities outside the scope will not be eligible for rewards or recognition.
– No malicious intent: Do not engage in any activity that could harm Scarlett’s Web, Inc., its users, or its operations. Engaging in malicious activities will result in disqualification from our VDP.
Scarlett’s Web, Inc. is committed to working with security researchers in a legal and responsible manner. By participating in our VDP, you agree to:
– Follow the guidelines outlined in this program.
– Abide by applicable laws and regulations.
– Make every effort to avoid privacy violations, disruption of services, and unauthorized access.
For any questions or inquiries related to our Security Vulnerability Disclosure Program, please contact us at firstname.lastname@example.org.