Security

YOUR SECURITY IS OUR TOP PRIORITY

Vibease constantly working to improve our apps, services and products for a better and safer experience. We are committed to working with security researchers and the community to verify, reproduce, and respond to reported vulnerabilities.

SCOPE

Vulnerabilities on all Vibease apps and Vibease owned domains are covered under this program.
Specifically: *.vibease.com

RULES AND EXCLUSIONS

Any activity that would disrupt, damage or adversely affect any third-party data or account is not allowed. Please do not mass create accounts to perform testing against Vibease applications and services. Also, do not perform brute force testing to determine whether rate limiting is in place for particular APIs or pieces of functionality.

Do not publicly disclose any vulnerabilities before you inform us and received a reply from us when it will be fixed. Do not publicly disclose any user information and data even after the bug have been fixed.

The following are strictly prohibited:

  • Denial of Service attacks.
  • Physical attacks against offices and data centers.
  • Social engineering of our service desk, employees or contractors.
  • Compromise of Vibease users or employees account
  • Automated tools or scans, botnet, compromised site, end-clients or any other means of large automated exploitation or use of tool that generates a significant volume of traffic.

REPORTING

If you discovered a security vulnerability, please email steven@vibease.com

We will respond as quickly as possible to your submission. Please include

  • A summary of the problem
  • A sequence of steps that can be used to reproduce the problem

We will diligently investigate the details of the issue and will work with you to understand the scope of the issue presented. We will keep you updated as we work to fix the bug you submitted.

ACKNOWLEDGEMENTS

We value the contributions by security researchers in improving the security of our products and service offerings. We do not have a bounty/cash reward program for vulnerability disclosures. At our sole discretion, we may give you a reward if we deemed the vulnerability is critical. To express our gratitude for your contribution, we would acknowledge your contribution on our website. Please let us know if you prefer to remain anonymous.

We would like to thank the following individuals for their contributions

  • RenderMan - Internet of Dongs
  • qDot - MetaFetish
  • Haq Khokhar
  • Rem1nd
  • Larry Pesce
  • Kiwibird
  • Matthew W. - University of Texas at Dallas