Report Site Vulnerabilities

  • Written by Getdone
  • Updated on Jan 24, 2019
  • Security plays a key role in Getdone. In the process of driving the platform, the security researchers always improve and upgrade security features for the website.

    We take the security of our users seriously. We are committed to working with the community to verify, reproduce, and respond to reported legally-flawed vulnerabilities. We encourage the community to participate in our responsible reporting process. For more information to report any suspicious activity related to Getdone, click here instead.

    If you suspect there is an underlying vulnerability on any of the getdone.co domains, please report your finding results to us following the Responsible Disclosure Guidelines (described below).

    You should not disclose publicly because it certainly brings more risks. Keep the issue private until we resolve it.

    Because security is important to Getdone, the appropriate monetary reward will be awarded to researchers if it is true and they comply with the Responsible Disclosure Principles.

     

    Guidelines for Responsible Disclosure

    If you discover a vulnerability on getdone.co please email us at support@getdone.co using the following guidelines:

    1. Please share the security issue with us before making it public on message boards, mailing lists, or other forums.

    2. Please wait until we notify you that the vulnerability has been resolved before you disclose it to others. We take the security of our customers seriously, and some vulnerabilities take longer than others to resolve.

    3. When submitting a vulnerability, please provide a clear, concise description of steps to reproduce the vulnerability.

    4. Please provide full details of the security issue, including Proof-of-Concept URL and the details of the system where the tests were conducted.

     

    Please do not engage in security research that involves:

    - Potential or actual damage to Getdone users, systems, or applications.

    - Use of an exploit to view data without authorization that involves the corruption of data.

    - Requests for compensation for the reporting of security issues through any external marketplace for vulnerabilities, whether black-market or otherwise.