Can’t find what you’re looking for? Talk To A Human

Responsible Disclosure Policy

Keeping customer data safe and secure is our top priority. If you've discovered a security vulnerability, please do not share it publicly. Instead, report it to us.

Rules for you

  • Avoid data deletion, unauthorized data access, and service disruption while testing the vulnerability you found.
  • Do not access or modify, or attempt to access or modify, data that does not belong to you.
  • Do not execute, or attempt to execute, a Denial of Service (DoS) attack.
  • Do not run any automated tools against our servers without prior coordination.
  • Do not try to abuse our servers’ resources, including but not limited to sending unsolicited or unauthorized email.
  • Do not publicly share the issue details until we confirm that it’s fixed.
  • Do not attempt to blackmail us, or try to sell us your security report.
  • When in doubt, contact us at support@sslhound.com.

Rules for us

  • We will not pursue any legal action against you, if you obey the rules above.
  • We will reply to all correctly submitted reports, and we will work with you on fixing the issue.
  • We will perform our own risk assessment for every reported vulnerability.
  • If your report is not eligible, we will let you know the reason why.
  • We will let you decide whether you want to be publicly acknowledged for your report.

What does not qualify?

  • Vulnerabilities to timing and DOS attacks (remember, you’re not allowed to test these).
  • Vulnerabilities that have been previously reported by another user.
  • Known vulnerabilities in the components of our technological stack reported within 48 hours since their public reveal.
  • Security issues, only reproducible under highly unlikely conditions (using outdated or exotic web browsers, operating systems, or insecure internet connections).
  • Bugs or functionality that proves that a tested user, certificate, or related information exists in our database as well as the theoretical ability to brute-force such functionality.

Last updated Monday, 9 September 2019