Vulnerability reporting policy
Effective date: December 2023
At corebapp.com, we prioritize trust and protecting our customer's data seriously.
​
We value the contribution of independent security researchers in enhancing internet security. That's why we urge responsible reporting of any vulnerabilities detected in our site or apps. We promise to collaborate with security researchers in validating and fixing any potential vulnerabilities that come to our attention. Before testing or reporting a vulnerability, please take a moment to review these terms. At corebapp.com, we promise not to pursue legal action against researchers who attempt to penetrate our systems as long as they comply with this policy.
​
Testing for security vulnerabilities:
​
When conducting vulnerability testing on our online services, using any corebapp platforms or apps, if available, is essential to communicate in detail with us. Additionally, we recommend using test or demo accounts for all testing purposes and announcing your plans to our security team at security@corebapp.com.
​
Reporting a potential security vulnerability:
​
-
Privately share details of the suspected exposure with the corebapp platform by sending an email to security@corebapp.com
-
Provide full details of the suspected vulnerability so the corebapp.com security team may validate and reproduce the issue.
corebapp.com does not permit the following types of security research:
​
We encourage you to report any vulnerabilities you may discover responsibly, but please note that the following actions are strictly prohibited.:
​
-
Engaging in activities such as spamming, brute force attacks, or denial of service that can harm corebapp.com, any of its online entities, or its users
-
Trying to get into data or information that is not yours.
-
It is important to refrain from destroying, corrupting, or trying to destroy or corrupt data or information that does not belong to you.
-
Conducting any physical or electronic attack on corebapp.com personnel, property or data centers
-
Social engineering any corebapp.com service desk, employee or contractor
-
Conduct vulnerability testing of participating services using anything other than test accounts specifically designed for it
-
Violating any laws or breaching any agreements to discover vulnerabilities
​
​
The corebapp.com security team commitment:
​
Please refrain from sharing or making public any unresolved vulnerabilities with third parties. If you decide to submit a report on a vulnerability, the security team at corebapp.com and their associated development organizations will make reasonable efforts to address the issue responsibly.
​
-
Respond promptly, acknowledging receipt of your vulnerability report
-
Provide an estimated time frame for addressing the vulnerability report
-
Notify you when the vulnerability has been fixed
At corebapp.com, we would like to express our gratitude to all the researchers who submit vulnerability reports. Your efforts help us enhance our security posture. Thank you!
How to Contact Us
Contact our Data Protection Office for privacy inquiries or concerns. We welcome your feedback and are happy to assist you.
Contact details are available below:
​
Data Protection Office
Legal Department
32-34 Drumul Bacriului St.,
Rosu 077042, Romania
Email Address: dpo@corebapp.com