- Reach out to email@example.com, if you have found any potential vulnerability in our products meeting all the below mentioned criteria. You can expect a confirmation from our security team in about 48 hours of submission.
- Please refrain from doing security testing in existing customer accounts.
- When conducting security testing, make sure not to violate our privacy policies, modify/delete unauthenticated user data, disrupt production servers, or to degrade user experience.
- You’re allowed to disclose the discovered vulnerabilities only to firstname.lastname@example.org. Documenting any potential In/Out of scope vulnerability to the public is against our responsible disclosure policy.
- We encourage you to encrypt your message with our public key to ensure that it it remains safe in transit.
Qualifying Security Bugs
All bugs that are reported are qualified based on its impact on customer’s production data.
We will consider other security vulnerabilities if it is making an impact and exploitable with a working non-intrusive POC.
In Scope Domains
Klenty will define the severity of the issue based on the impact and the ease of exploit.
|Acknowledgement||Within 48 hours|
|Time taken to resolve||Based on the Severity|
Hall of Fame
We would like to thank the people listed here who have identified and responsibly disclosed security vulnerabilities with Klenty.
- Sourajeet Majumder
- Alwoares Naeem