We take the security of our assets with the utmost seriousness. We greatly appreciate the efforts of
security researchers and discoverers who share information on security issues with us, giving us a
chance to improve our products and services, and better protect our customers.
If you believe you have identified a potential vulnerability in InstaReM.com web or mobile
applications, we encourage you to report it to us immediately at [email protected]
We ask that you follow our Vulnerability Disclosure Policy Guidelines and make a good faith
effort to avoid privacy violations, destruction of data and interruption or degradation of our service
during your research.
What's expected from the reporter?
- A detailed PoC (Proof of Concept) with screenshots elaborating the exact steps performed to
exploit the issue as well as highlighting the risks associated with it.
- To ensure confidentiality, we insist that you password-protect the document before sharing with
- InstaReM urges the reporter to keep any communication regarding the vulnerability disclosure
Upon receiving a vulnerability report, InstaReM shall investigate and verify the vulnerability, and
determine if it's eligible for our reward program.
A few factors shall be taken into consideration before determining eligibility:
- Duplicate check. Whether the vulnerability has already been reported before.
- Criticality of the vulnerability. In scoring or rating vulnerabilities, InstaReM
follows standard industry best practices to designate the vulnerability's impact as High, Medium
- Potential impact to our infrastructure.
Post Confirmation of Vulnerability
- InstaReM shall then release a fix to address the issue at the earliest.
- InstaReM shall endeavour to keep the reporter apprised of the status of the vulnerability.
- InstaReM shall reward the reporter with a credit as deemed appropriate.
NOTE: Only non-duplicate vulnerabilities classified as ‘High’ shall be
considered for reward.
The following conditions are out of scope for the vulnerability disclosure program. Engaging in any of the
activities below will result in permanent disqualification from the program.
- Physical attacks against InstaReM employees or offices.
- Social engineering of InstaReM employees, contractors, vendors, or service providers.
- Knowingly posting, transmitting, uploading, linking to, or sending any malware.
- Pursuing vulnerabilities which send unsolicited bulk messages (spam) or unauthorized messages.
- Any vulnerability obtained through the compromise of an InstaReM customer or employee account.
If you need to test a vulnerability, please create a free account.