Vulnerability Disclosure Program

Vulnerability Disclosure Program

Latest Update: May 17, 2021

Responsible Disclosure

At Bryq we take data security seriously and strive to ensure our platform is safe and secure for all of our users.

All legitimate reports of security vulnerabilities will be investigated and any identified problems will be addressed and resolved as appropriate.

We have adopted a vulnerability disclosure program to encourage responsible reporting of security vulnerabilities.

Rules

Share the security issue with us without making it public at any point. Including, but not limited to, not making it public on social media, message boards, mailing lists and other forums.

Do not engage in security research that involves:

  • Potential or actual damage to users, businesses, people, systems, data or applications
  • Violation of privacy rights or confidentiality of data
  • Social engineering (including, but not limited to, phishing)
  • Disrupting or interrupting our services
  • Automated scans or tests on our network and infrastructure
  • Executing DDoS attacks
  • Resource exhaustion attacks

Do not store, share, or compromise Bryq customer data. If you encounter Personally Identifiable Information (PII), immediately halt your activities, purge the data from your system, and contact Bryq. This step protects potentially vulnerable data, and you.

If you comply with the rules of our program we agree to not pursue legal action against you. We reserve all legal rights in the event of noncompliance with our rules, or if we believe that you did not act in good faith.

Bug bounties & rewards

We do not offer bug bounties or rewards at this time.

How to disclose vulnerabilities

Send the vulnerability reports to security@bryq.com.

Please include the following in your email:

  • What type of vulnerability is this?
  • What are the steps to reproduce the vulnerability?
  • Who would be able to use the vulnerability and what would they gain from it?
  • Screenshots, logs, or anything else that could help us reproduce and verify the vulnerability

We will respond to your email within one week and update you on the status of the vulnerability.