HOW TO REPORT SECURITY ISSUES TO iBASEt?
iBASEt strives to maintain a secure environment across its software applications, services engagements, and website properties. To that end, iBASEt is committed to working with our valued customers and well-intentioned, ethical security researchers who seek to discover security vulnerabilities. The company is committed to working with our community in resolving security issues in our product and services.
This policy outlines the guidelines that iBASEt works with our customers and the security research community. Please read this document carefully prior to reporting vulnerabilities to ensure you understand the policy and will act in compliance with it.
Current iBASEt Customers
Please report any potential security issues or concerns via our Support Portal.
Non-Customer Security Discovery
If you are a security researcher and have discovered a potential or verified security vulnerability in our product or websites, we appreciate you disclosing it to us in a responsible manner and according to these guidelines. iBASEt will analyze all vulnerability reports and implement the best course of action in a timely manner.
Please send an email to the iBASEt Security Team at [email protected]. Please avoid using social media, as these communication channels are not actively monitored by our Security team for this purpose. In the email, please provide the following information:
- The exact location of the vulnerability (e.g. URL, IP Address, port, etc.)
- A brief description of the vulnerability type (e.g. “injection”)
- Step-by-step process to reproduce and validate the vulnerability
You can expect the following:
- Prompt acknowledgement that your vulnerability report has been received
- Follow-up questions, if any, and a request for a call if needed
- A notification when the vulnerability is resolved
iBASEt does not currently have a bug bounty program.
iBASEt appreciates the information provided by the security researcher community and asks that you refrain from:
- Disclosing any of iBASEt’s product, website, or service vulnerabilities to third parties or the public prior to receiving confirmation from iBASEt that the identified security issue has been resolved
- Keep or disclose any iBASEt-owned data to any third party
- Access unnecessary amounts of data. iBASEt estimates one to three record(s) is sufficient to demonstrate a vulnerability
- Modify data in iBASEt systems that is not your own
- Social engineer iBASEt staff, partners, customers, or contractors
- Disrupt iBASEt service(s) or system(s) by any means (such as DDOS, etc.)
- Breach any applicable laws and regulations
For any questions regarding this policy, please reach out to the iBASEt Security Team at [email protected]. This policy may be updated from time to time by iBASEt at its sole discretion.
Important: Use our PGP key to encrypt the report before sending email to [email protected]
Public Keys can be retrieved from the following: