Security Reports Policy
If you believe you’ve found a security issue with Chariz, contact us at firstname.lastname@example.org with the details necessary for us to understand the issue. If you believe it is relevant, you can provide a proof-of-concept.
We will respond as soon as possible to confirm we have received and are evaluating your report. We endeavour to resolve security issues within 90 days of our first email response. The timeline for resolving the issue will depend on its severity.
Please follow industry-standard responsible disclosure guidelines. That means you should consider security issues confidential, and not share any information about the issue with anyone else (including on social media or a blog) until after we confirm that there is no risk in the details being publicly known. This is to protect the users of our platform – we have a duty to protect the end-users/customers and sellers who depend on us.
Once you confirm the existence of a vulnerability, you should stop here and not attempt to tamper with the platform through this vector. This is especially the case if the vulnerability can be used to disrupt the Chariz platform, or put users of the Chariz platform at risk.
Please note that we currently do not provide rewards, such as bounty payments, for security reports.
We’d like to acknowledge the following people for responsibly reporting security issues in the past.
- None yet.