Vulnerability Disclosure Program
Save Your Wardrobe is committed to maintaining the security of our systems and our customers’ information. We appreciate and encourage security researchers to contact us to report potential vulnerabilities identified in any product, system, or asset belonging to Save Your Wardrobe.
If you believe you have identified a potential security vulnerability, please submit it pursuant to our Responsible Disclosure Program. Thank you in advance for your submission, we appreciate researchers assisting us in our security efforts. Please note, Save Your Wardrobe does not operate a public bug bounty program and we make no offer of reward or compensation in exchange for submitting potential issues.
Responsible Disclosure Program Guidelines
Researchers shall disclose potential vulnerabilities in accordance with the following guidelines:
- Do not engage in any activity that can potentially or actually cause harm to Save Your Wardrobe, our customers, or our employees.
- Do not engage in any activity that can potentially or actually stop or degrade Save Your Wardrobe services or assets.
- Do not engage in any activity that violates (a) state laws or regulations or (b) the laws or regulations of any country where (i) data, assets or systems reside, (ii) data traffic is routed or (iii) the researcher is conducting research activity.
- No automated scanning or testing.
- Do not store, share, compromise or destroy Save Your Wardrobe or customer data. If Personally Identifiable Information (PII) is encountered, you should immediately halt your activity, purge related data from your system, and immediately contact Save Your Wardrobe. This step protects any potentially vulnerable data, and you.
- Provide Save Your Wardrobe reasonable time to fix any reported issue, before such information is shared with a third party or disclosed publicly.
By responsibly submitting your findings to Save Your Wardrobe in accordance with these guidelines Save Your Wardrobe agrees not to pursue legal action against you. Save Your Wardrobe reserves all legal rights in the event of noncompliance with these guidelines.
Once a report is submitted, Save Your Wardrobe commits to provide prompt acknowledgement of receipt of all reports (within two business days of submission) and will keep you reasonably informed of the status of any validated vulnerability that you report through this program.
We have listed the assets in scope for this program, however, if you have found a potential vulnerability (excluding the out of scope vulnerabilities listed below) on any product, system or asset you believe belongs to Save Your Wardrobe, please submit it through this program as we would like to hear about it.
Out of Scope Vulnerabilities
Certain vulnerabilities are considered out of scope for our Responsible Disclosure Program.
Out-of-scope vulnerabilities include:
- Physical Testing
- Social Engineering. For example, attempts to steal cookies, fake login pages to collect credentials
- Denial of service attacks
- Resource Exhaustion Attacks
How to disclose vulnerabilities
You can send the vulnerability that you want to disclose to firstname.lastname@example.org. Please answer the following questions in your email:
- What type of vulnerability is it?
- What are the steps to reproduce the vulnerability?
- Who would be able to use the vulnerability and what would they gain from it?
Feel free to include attachments: