Vulnerability Disclosure Program

Responsible Disclosure

Last modified: February 9th, 2022

Found a security flaw?

At ShopVox, we take the security of our system very seriously, and protecting our customers’ data are our number one priority. We genuinely value security researchers and others in the security community to assist in keeping our systems secure. Together we can make things better and find ways to solve challenges, and the responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our users. We constantly strive to deliver high-quality services as secure as possible. If you have discovered a security flaw, we encourage you to contact us and would like to hear about it to address it as soon as possible. Together we can accomplish goals through collaboration, communication, and accountability.

How to contact us?

You can start the process by sending an email to our  support@shopvox.com [KK1] and make sure to include the type, impact, description, and location of the vulnerability and a detailed description of the steps required to reproduce the vulnerability. We will do our best to get back to you within 72 hours, with a confirmation that we have received your report, and keep you updated while we process the issue.

Guidelines

Please keep information about any vulnerability you’ve discovered confidential between yourself and ShopVox until we have had at least 60 days to review and resolve the issue. It is important to note that the timeframe for us to review and resolve an issue may vary based upon several factors, including the complexity of the vulnerability, the risk that the vulnerability may pose, among others. Please keep in mind to make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, brute force attacks, denial of services, and destruction of data during security testing. Always keep in mind not to engage in social engineering or phishing of our employees. ShopVox employees or employees of ShopVox’s partners are not eligible for participation.

Scope

All services, applications, and servers are owned by Shopvox.

  • app.shopvox.com

  • www.shopvox.com

Exclude services:

  • helpdesk.shopvox.com

  • docs.shopvox.com

Reward

Each report will be evaluated case-by-case, and the shopVOX team will decide regards to any reward.