Vulnerability Disclosure Policy for JRRobbins.com
Effective Date: September 9, 2024
At JRRobbins.com, we prioritize the security of our Website and the protection of our users’ data. This Vulnerability Disclosure Policy provides guidelines for individuals who identify potential security vulnerabilities in our systems. We encourage the responsible disclosure of security issues and are committed to addressing any vulnerabilities promptly.
1. Scope
This policy applies to any identified vulnerabilities related to the following areas of our Website:
- Web applications
- APIs
- Data storage and transmission methods
- User accounts and authentication systems
- Third-party integrations and plugins
We encourage security researchers and individuals to report vulnerabilities that could potentially compromise the integrity, confidentiality, or availability of our Website and services.
2. How to Report a Vulnerability
If you believe you have discovered a security vulnerability on JRRobbins.com, please report it by emailing CustomerService@JRRobbins.com with the following information:
- A detailed description of the vulnerability, including the location (URL) and the potential impact.
- Steps or proof-of-concept code to reproduce the vulnerability.
- Any screenshots, logs, or supporting evidence that help illustrate the issue.
- Your contact information, including name and email address.
3. Our Commitment
Upon receiving a vulnerability report, we will:
- Acknowledge receipt of your report within 5 business days.
- Investigate and assess the severity of the vulnerability.
- Take appropriate action to resolve the issue as quickly as possible.
- Provide feedback and updates regarding the status of the vulnerability report and any steps taken to mitigate the issue.
We are committed to resolving legitimate vulnerabilities in a timely manner and appreciate the efforts of the security community in helping us maintain a secure Website.
4. Responsible Disclosure
We ask that you follow responsible disclosure practices when reporting vulnerabilities. This means:
- Do not exploit the vulnerability for personal gain, financial harm, or malicious purposes.
- Do not publicly disclose the vulnerability until it has been properly addressed by our team.
- Do not access, modify, or delete any data that does not belong to you during your investigation of the vulnerability.
We believe in working collaboratively with security researchers to resolve issues and ask that you act in good faith when reporting vulnerabilities.
5. Non-Retaliation
We are committed to protecting individuals who report security vulnerabilities in good faith. We will not take legal action or pursue law enforcement action against individuals who follow responsible disclosure practices and comply with this policy. However, we reserve the right to take action against those who exploit vulnerabilities for malicious purposes or violate our Acceptable Use Policy.
6. Exclusions
The following activities are not covered by this Vulnerability Disclosure Policy:
- Denial of Service (DoS) attacks: Testing that involves overloading our systems to cause service disruption.
- Social engineering: Any attempts to manipulate our employees, partners, or users.
- Physical attacks: Exploits that involve physical access to our infrastructure or facilities.
Please focus your vulnerability testing on our digital assets as outlined in this policy.
7. Legal Considerations
JRRobbins.com encourages the responsible disclosure of vulnerabilities and will not pursue legal action against individuals who comply with this policy and act in good faith. However, any activity that goes beyond responsible disclosure or violates this policy will be subject to legal consequences.
8. Changes to This Policy
We reserve the right to update or modify this Vulnerability Disclosure Policy as needed. Changes will be posted on this page, and where appropriate, we will notify you via email or through the Website.
For questions or to report a vulnerability, please contact us at CustomerService@JRRobbins.com.