Purpose
At MyPassGlobal, we take the security of our products, services, and systems seriously. Software products that we build and own, as well as products, services and libraries that we incorporate into our own products are all susceptible to vulnerabilities.
We believe in the importance of working together with the security community to identify and resolve potential security vulnerabilities responsibly.
This Responsible Disclosure Policy outlines the guidelines and procedures for security researchers, ethical hackers, and concerned individuals ("Researchers") to responsibly report any discovered security vulnerabilities to us.
Scope
This Responsible Disclosure Policy applies to all of our online services, websites, applications, and systems. By submitting a report under this policy, you agree to comply with the terms and guidelines mentioned herein.
Guidelines for Responsible Disclosure
We encourage Researchers to act responsibly and in good faith when identifying and reporting security vulnerabilities. To comply with this policy, please adhere to the following guidelines:
Eligible Vulnerabilities
Only submit reports for security vulnerabilities that are not publicly known and could potentially compromise the security or integrity of our systems or user data. Examples of eligible vulnerabilities included but are not limited to:
- Cross-site scripting (XSS)
- Cross-Site Request Forgery (CSRF/XSRF)
- Server-side code execution
- Privilege escalation
- SQL injection
- Remote code execution
- Information disclosure
Prohibited Activities
Please refrain from engaging in any harmful or disruptive activities, such as:
- Attempting to access, modify, or delete data not related to your research.
- Testing on systems or networks you do not own or have explicit permission to test.
- Distributing or sharing any confidential information obtained during your research.
- Performing any form of denial-of-service (DoS) attack or similar activities.
- Social engineering, including phishing or other deceptive techniques.
Responsible Disclosure Procedure
If you believe you have discovered a potential security vulnerability, please follow these steps to responsibly disclose it to us:
- Report Submission: Submit your findings to vulnerability-report@mypassglobal.com. Encrypt your email using our PGP key (https://www.mypassglobal.com/.well-known/pgp-key.txt) to ensure the confidentiality of your report.
- Provide Sufficient Information: Include as much information as possible to help us understand and reproduce the vulnerability. This may include the vulnerability description, affected URLs, steps to reproduce, screenshots, and any supporting material.
- No Exploitation: Do not attempt to exploit the vulnerability beyond what is necessary to demonstrate its existence.
- Response Time: We will make every effort to acknowledge receipt of your report within 5 days and keep you informed of the progress.
- Coordination: We are committed to collaborating with you to understand, verify, and resolve the reported vulnerability.
- Public Disclosure: We will coordinate with you on the timing and content of any public disclosure regarding the vulnerability.
Acknowledgement and Recognition
we recognise the valuable contributions of security researchers and will acknowledge your responsible disclosure. We do not provide compensation for reports of potential or verified vulnerabilities.Depending on the severity and impact of the vulnerability, we may also offer recognition through our website, blog, or other platforms.
Legal Considerations
MyPass Global will not initiate legal action against Researchers who act responsibly, follow this Responsible Disclosure Policy, and make a good faith effort to comply with its guidelines.
Policy Changes
We reserve the right to update or modify this Responsible Disclosure Policy at any time. Any changes will be posted on this page, and the revised date at the top will reflect the most recent update.
Contact Information
If you have any questions or concerns about this policy or need to report a security vulnerability, please contact us at: Email: vulnerability-report@mypassglobal.com
Thank you for helping us maintain the security and integrity of our systems and protecting our users' data. Your cooperation and adherence to this Responsible Disclosure Policy are greatly appreciated.
MyPass Global Security Team