Have you discovered a vulnerability? Let us know.

At Resethacker, we naturally consider the security of our systems and our network to be of the utmost importance. We are convinced that good security is essential to maintain the trust that our clients, suppliers and employees place in us. Despite the care invested in the security of our systems, however, it is still possible that vulnerabilities could be discovered. By means of our responsible disclosure policy, we ask anyone who has discovered a vulnerability to report it as quickly as possible, so that we can take adequate countermeasures. We would be happy to work with you to solve the vulnerability.

We ask that you:

● Report your discoveries as quickly as possible to [email protected] If you would like to encrypt your report before you send it, please inform us in your e-mail and we will give you instructions;
● Provide us with enough information to reproduce the vulnerability, so that we can solve it as quickly as possible. Usually the IP address or URL for the affected system and a description of the vulnerability are sufficient, but more complex vulnerabilities may require additional information;
● Not to abuse the vulnerability by downloading, viewing, deleting or editing data;
● Not sharing vulnerabilities with others until they can be solved. If you have inadvertently obtained confidential information, then we ask that you delete the data immediately;
● Automated Scanned Reports are Not accepted.

What can you expect:

● We will always take your report seriously. We will also investigate any suspected vulnerabilities;
● We will reply to your report within 7 working days with our evaluation of the report and an expected date for the solution;
● We will keep you informed of the progress made in solving the vulnerability;
● We are not part of a cash/bug bounty program but are happy to issue a certificate of recognition to individuals and add your name in our Hall Of Fame who report security issues responsibly and help us make Resethacker systems more secure.

In Scope of this Policy

● Domain(s)

Out of Scope

Certain vulnerabilities are considered out of scope for our Responsible Disclosure Program. Out of scope vulnerabilities include:

● Denial of service (DOS)
● Vulnerabilities dependent upon social engineering techniques
● Certificates/TLS/SSL related issues
● Click-jacking
● Issues Related to SPF/DMARC/DKIIM Records

We will process each report and may contact you, if more information is needed from you. We request that you keep all communication regarding the vulnerability confidential.