Vulnerability Disclosure Program
Latest Update: May 17, 2021
Responsible Disclosure
At Bryq we take data security seriously and strive to ensure our platform is safe and secure for all of our users.
All legitimate reports of security vulnerabilities will be investigated and any identified problems will be addressed and resolved as appropriate.
We have adopted a vulnerability disclosure program to encourage responsible reporting of security vulnerabilities.
Rules
Share the security issue with us without making it public at any point. Including, but not limited to, not making it public on social media, message boards, mailing lists and other forums.
Do not engage in security research that involves:
Potential or actual damage to users, businesses, people, systems, data or applications
Violation of privacy rights or confidentiality of data
Social engineering (including, but not limited to, phishing)
Disrupting or interrupting our services
Automated scans or tests on our network and infrastructure
Executing DDoS attacks
Resource exhaustion attacks
Do not store, share, or compromise Bryq customer data. If you encounter Personally Identifiable Information (PII), immediately halt your activities, purge the data from your system, and contact Bryq. This step protects potentially vulnerable data, and you.
If you comply with the rules of our program we agree to not pursue legal action against you. We reserve all legal rights in the event of noncompliance with our rules, or if we believe that you did not act in good faith.
Bug Bounties & Rewards
We do not offer bug bounties or rewards at this time.
How to Disclose Vulnerabilities
Send the vulnerability reports to security@bryq.com
Please include the following in your email:
What type of vulnerability is this?
What are the steps to reproduce the vulnerability?
Who would be able to use the vulnerability and what would they gain from it?
Screenshots, logs, or anything else that could help us reproduce and verify the vulnerability
We will respond to your email within one week and update you on the status of the vulnerability.