1 Introduction
1.1 Purpose
The purpose of this policy is to define clear rules for the reporting of vulnerabilities to Admin By Request.
This document is applied to the entire scope of the services provided by Admin By Request.
1.2 Scope
This policy encompasses all services and products provided in the Admin By Request platform. We encourage security researchers, users and other stakeholders to report any potential vulnerabilities they discover within the scope of our offerings.
1.2.1 Out of Scope
The following are considered out of scope for this policy:
-
Vulnerabilities that necessitate unrealistic prerequisites
-
Issues resulting from user misconfiguration or misuse of the product/service, such as inadvertently exposing sensitive information due to improper settings or permissions.
-
Bugs in the software that do not pose a security risk, such as minor display errors, cosmetic issues, or non-critical functionality failures.
1.3 Reference Documents
Incident & Vulnerability Management Procedure