If you discover a site or product vulnerability, please notify us ensuring that you include the following details:
- Proof-of-Concept URL and the information of affected parameter
- Detailed steps of reproducing the vulnerability
- URL to screenshots to show Proof-of-Concept
- Details of the system where the tests were conducted
Guidelines for responsible disclosure
- Share the security issue with us before making it public on message boards, mailing lists, and other forums.
- We request that you wait until notified that the vulnerability has been resolved before disclosing it to others. We take the security of our customers very seriously, however some vulnerabilities take longer than others to resolve. There are several teams involved in working on these vulnerabilities depending on the situation.
Do not engage in security research that involves:
- Potential or actual damage to ReadCube users or systems or applications.
- Use of an exploit to view data without authorization
- Use of an exploit that involves the corruption of data.
- Requests of compensation for the reporting of security issues either to ReadCube, or through any external marketplace for vulnerabilities, whether black-market or otherwise.
Thank you to the following contributors: