Vulnerability disclosure policy
As a media technology innovator, Dramatify embraces responsible software development norms. Our Vulnerability Disclosure Policy describes the submission process for security researchers wanting to share their findings with our engineering teams.
Our commitment to independent researchers
- Maintaining confidentiality and exclusivity in the disclosure and remediation process
- Striving to validate and remediate all severe findings expeditiously
- Responding to the submitter if remediation or validation efforts encounter delays
Our request
- We promise confidentiality. We ask that researchers do the same. Please only disclose information about shared findings with written permission from our team.
- Provide detailed and precise reproduction steps (proof of concept) when sharing findings so we can validate them promptly.
- Save time by paying close attention to the out-of-scope section below.
- Consider including an email address with the submission so that we can reach out for technical clarifications and follow-up.
Out-of-scope
- Testing the physical security of our offices, workplaces, employees, equipment or third-party partners and suppliers
- Any non-web attacks such as social engineering or phishing
- DoS/DDoS or any other testing that may impact the operation of our systems
- App or network scan reports, unvalidated test results, or “theoretical” findings
- Access to, or modification of, any account that does not belong to the researcher
- Testing which results in form or email spam, or unsolicited messages or alerts
- Testing third-party SaaS apps, services and CDN assets
- Defacing any assets or doing anything that may result in brand damage
In-Scope Examples
BOLAs/IDORs, OWASP API Top 10, multi-stage logic flaws, account enumerations and iteration flaws, XML injections, auth problems, cloud data leakages, critical software version flaws, provable RFIs/LFIs, upload exploits, WAF bypasses.
Reporting a vulnerability
Please report your findings to [email protected] as soon as possible after discovery. You may remain anonymous, but consider leaving your contact details so we can work with you towards a safe resolution. Please include accurate and detailed findings to facilitate faster validation. We may choose to ignore low-quality reports.
Please note that we do not offer rewards for vulnerability reports.
Thank you, and happy hunting!