Responsible Disclosure Program
We (Ycode) treat the security of our customers very seriously, which is why we carry out rigorous testing and strive to write secure and clean code. Despite our meticulous testing and thorough QA, sometimes bugs occur.
For this reason, we encourage the community to responsibly disclose any bugs or issues. By reporting any issues to us, you accept these Responsible Disclosure Program terms.
Currently, Ycode does not operate an active bug bounty program and therefore does not offer compensation for reported issues. However, we greatly value your contributions, which significantly contribute to enhancing Ycode's security and overall quality.
1. Rules
1.1. Do not perform any attack, or DDoS, that could harm the reliability or integrity of our services or data.
1.2. Respect and comply with the law.
1.3. Do not attempt to gain access to another user’s account or data.
1.4. If you interacted with or obtained access to data and/or personal data, you must cease testing and stop any other actions that involve data and/or personal data immediately.
1.5. You can only access, disclose and report the issues that you tested on your own account(s).
3. How to report
3.1. Include as much information as you can in clearly-written English. The report should include, but not be limited to:
3.1.1. All steps or actions required to reproduce the exploit of the vulnerability.
3.1.2. Logs and screenshots .
3.1.3. Video demonstration of the bug.
3.1.4. IPs that were used while testing.
3.1.5. Any other supporting evidence.
3.2. All of these things should be reported to [email protected] along with your contact details.
4. Miscellaneous provisions
4.1. Please note that if you do not follow the terms of the Responsible Disclosure Program, we may initiate a lawsuit or law enforcement investigation against you.
4.2. We reserve the right to change these terms at any time. If we decide to change this document, we will post changes on this page. All changes are effective immediately upon posting.
4.3. These terms will begin when you disclose the bug or issue to us.