Instarem Vulnerability Disclosure Policy
We take the security of our assets with the utmost seriousness. We greatly appreciate the efforts of security researchers and discoverers who share information on security issues with us, giving us a chance to improve our products and services and better protect our customers.
If you believe you have identified a potential vulnerability in Instarem.com web or mobile applications, we encourage you to report it to us immediately at [email protected].
We ask that you follow our Vulnerability Disclosure Policy Guidelines and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research.
What's expected from the reporter?
- A detailed PoC (Proof of Concept) with screenshots elaborating the exact steps performed to exploit the issue as well as highlighting the risks associated with it.
- To ensure confidentiality, we insist that you password-protect the document before sharing it with us.
- Instarem urges the reporter to keep any communication regarding the vulnerability disclosure confidential.
Upon receiving a vulnerability report, Instarem shall investigate and verify the vulnerability, and determine if it's eligible for our reward program.
A few factors shall be taken into consideration before determining eligibility:
- Duplicate check. Whether the vulnerability has already been reported before.
- Criticality of the vulnerability. In scoring or rating vulnerabilities, Instarem follows standard industry best practices to designate the vulnerability's impact as High, Medium or Low.
- Potential impact to our infrastructure.
Post Confirmation of Vulnerability
- Instarem shall then release a fix to address the issue at the earliest.
- Instarem shall endeavour to keep the reporter apprised of the status of the vulnerability.
- Instarem shall reward the reporter with a credit as deemed appropriate.
NOTE: Only non-duplicate vulnerabilities classified as ‘High’ shall be considered for reward.
The following conditions are out of scope for the vulnerability disclosure program. Any of the activities below will result in disqualification from the program permanently.
- Physical attacks against Instarem employees or offices.
- Social engineering of Instarem employees, contractors, vendors, or service providers.
- Knowingly posting, transmitting, uploading, linking to, or sending any malware.
- Pursuing vulnerabilities which send unsolicited bulk messages (spam) or unauthorized messages.
- Any vulnerability obtained through the compromise of an Instarem customer or employee account. If you need to test a vulnerability, please create a free account.