How to report a security issue
If you discover a potential security issue, please send an email to support@absentify.com with detailed information about the vulnerability. Due to our limited team size, responses may take some time. We appreciate your understanding and efforts to help us maintain a secure environment.
What we expect from you
To ensure a safe and collaborative reporting process, we ask you to:
- Avoid performing Denial of Service (DoS) attacks.
- Refrain from using automated tools against our servers.
- Refrain from accessing or modifying data that does not belong to you.
- Keep vulnerability details confidential and refrain from sharing them publicly.
What you can expect from us
For every vulnerability reported, we will:
- Conduct our own risk assessment.
- Notify you if the report does not meet our eligibility criteria.
- Validate legitimate reports, prioritize the issue, and inform you once it has been resolved.
- Offer you the option to be publicly acknowledged or remain anonymous.
In scope
Out of scope
The following issues are not eligible for reporting:
- Vulnerabilities identified through automated scanning tools.
- Social engineering attacks.
- Password brute-force attempts.
- Clickjacking on pages without sensitive actions.
- Missing security headers, unless their absence is demonstrably exploitable.
- Security concerns that require highly unlikely conditions, such as outdated or uncommon browsers, operating systems, or insecure network environments.
Bounty
We value your efforts and offer rewards ranging from recognition in our Hall of Fame to monetary compensation. The reward amount depends on:
- The severity of the issue.
- The quality of your report.
Please note that rewards are only provided for serious, previously unidentified security issues affecting absentify.