Vulnerability Disclosure Policy
As a global leader in media and SaaS for publishing, The Exquisite Post embraces responsible software development norms. To support a healthy internet ecosystem, we are sharing our Vulnerability Disclosure Policy. This policy defines the submission process for security researchers wishing to share their findings with our engineering teams.
Our commitment to independent researchers:
- To preserve confidentiality and privacy throughout the disclosure and remediation process
- To strive to validate and remediate all severe findings in a timely manner
- To communicate clearly whenever remediation or validation efforts may be delayed
Our request:
- As we promise discretion, we ask that researchers do the same.
- Please do not disclose details of shared findings without written authorization from our team.
- Provide detailed and clear reproduction steps (proof of concept) when sharing findings, so we can validate them in a timely fashion.
- Save time by paying close attention to the out-of-scope section below.
- Include an email address with the submission, so we can reach out for technical clarifications and follow-up.
Out-of-scope:
- Testing the physical security of our offices, employees, or equipment
- Any non-web attacks such as social engineering or phishing
- DoS/DDoS, or any other testing that might impact the operation of our systems
- Application or network scan reports, unvalidated test results, or "theoretical" findings
- Access to, or modification of, any account that does not belong to the researcher
- Testing that results in form or email spam, or unsolicited messages or alerts
- Testing third-party SaaS applications or services, other than self-hosted, IaaS, or CDN assets
- Defacing any assets, or doing anything that may lead to brand damage
In-Scope Examples:
BOLAs/IDORs, OWASP API Top 10, multi-stage logic flaws, account enumerations and version problems, XML injections, auth problems, cloud data leaks, important software version flaws, verifiable RFIs/LFIs, upload exploits, WAF bypasses.
Below you will find a form where you can submit your findings. Please include accurate and detailed findings to facilitate faster validation. Thanks and happy hunting!