Our team of dedicated security professionals works vigilantly to keep customer information secure. We recognize the important role that security researchers and our community play in keeping ReadCube and our customers secure.
If you discover a site or product vulnerability, please notify us ensuring that you include the following details:
- Proof-of-Concept URL and the information of affected parameter
- Detailed steps of reproducing the vulnerability
- URL to screenshots to show Proof-of-Concept
- Details of the system where the tests were conducted
Guidelines for responsible disclosure
- Share the security issue with us before making it public on message boards, mailing lists, and other forums.
- We request that you wait until notified that the vulnerability has been resolved before disclosing it to others. We take the security of our customers very seriously, however some vulnerabilities take longer than others to resolve. There are several teams involved in working on these vulnerabilities depending on the situation.
Do not engage in security research that involves:
- Potential or actual damage to ReadCube users or systems or applications.
- Use of an exploit to view data without authorization
- Use of an exploit that involves the corruption of data.
- Requests of compensation for the reporting of security issues either to ReadCube, or through any external marketplace for vulnerabilities, whether black-market or otherwise.
We thank all for their contributions, but from time to time, we will want to publically acknowledge and thank members of our researcher community on our Responsible Disclosure Acknowledgement Page. We will contact you once the vulnerability you've reported has been resolved to ask you whether you would like your name to be displayed on this page.
Thank you to the following contributors:
Yesenia Guadalupe Trejo Alfaro (2014)