Responsible Disclosure

Responsible Reporting: Collaborating for Safety

Updated over a week ago

Airsoft Bazaar is committed to ensuring the safety and security of our customers, vendors, and partners. We believe that fostering a secure environment is a collective effort, and we encourage security researchers to work with us in identifying and addressing potential vulnerabilities in our systems.

In order to establish a clear and effective process for reporting security vulnerabilities, we have created the following Responsible Disclosure Policy.

Reporting a Vulnerability

If you discover a potential security vulnerability in our systems, we kindly ask that you:

  1. Send an email to [email protected] with the following information:

    • A detailed description of the vulnerability, including steps to reproduce the issue.

    • Your name, contact information, and any applicable social media or website links.

    • Any proof-of-concept code or detailed instructions that can help us better understand the issue.

  2. Provide us with reasonable time to respond to your report and address the vulnerability before publicly disclosing the issue.

  3. Refrain from exploiting the vulnerability in any way, including, but not limited to, data exfiltration, account takeover, or unauthorized access to sensitive information.

  4. Avoid violating the privacy of others, interrupting or degrading our services, or causing any physical damage to our systems.

Our Commitment

When you report a vulnerability in accordance with this policy, we commit to:

  1. Acknowledge receipt of your report within 72 hours.

  2. Review and assess the vulnerability as quickly as possible.

  3. Keep you informed about the status of our investigation and any actions taken to address the issue.

  4. Work with you to ensure a thorough understanding of the vulnerability and the appropriate steps to mitigate it.

  5. Publicly acknowledge your responsible disclosure, if you so desire, after the issue has been resolved.

Safe Harbor

We understand that security research can sometimes be a legal gray area. If you follow the guidelines outlined in this policy and make a good faith effort to avoid causing harm, we will not pursue legal action against you. We consider responsible disclosure to be an invaluable service to our community and will work with you to address any potential issues.

Please note that this policy does not constitute an offer of employment or any form of compensation beyond public recognition, if desired.

Thank you for your commitment to keeping Airsoft Bazaar and its users safe.

Did this answer your question?