Introduction
We prioritize the security of our users on the Fizz platform. Understanding that no technology is perfect, we invite security researchers and ethical hackers to help us identify vulnerabilities and keep our platform safe. This policy provides guidelines for disclosing vulnerabilities responsibly.
Scope
This policy covers all vulnerabilities in any Fizz application or server, especially those which may compromise the anonymity of our users.
Reporting
- Email your findings to [email protected].
- Provide detailed steps, preferably with screenshots or proof of concept, so we can reproduce the vulnerability.
- Include your name and contact information.
Guidelines
- Data Integrity and Non-Interference: While investigating, never modify, delete, or interact with data that doesn't belong to you. If you need to test a vulnerability that involves data alteration, use your own account or get explicit permission to use a test account.
- Prioritize user privacy: do not view, alter, or delete another user's data without explicit permission.
- Investigate vulnerabilities only in a way that will not harm the usability of the platform or its users.
- Do not disclose the vulnerability to third parties or the public until we've had adequate time to address it.
What we promise
- We will acknowledge receipt of your vulnerability report within 3 business days.
- We will provide an estimated time frame for addressing the vulnerability.