Scamnetic™ Vulnerability Disclosure Policy

Last Updated March 25, 2025

At Scamnetic, we prioritize the security of our products and services. We believe in transparency and encourage the responsible disclosure of vulnerabilities and security concerns. We appreciate the efforts of security researchers and ethical hackers in helping us identify and mitigate risks to our users and systems. This policy outlines how we handle security vulnerabilities, the process for reporting them, and the expectations for researchers submitting vulnerabilities.

  1. SCOPE

This policy applies to all systems, services, and products under the ownership and control of Scamnetic, including but not limited to:

  • Web applications
  • Mobile applications
  • APIs
  • Internal infrastructure

  2. REPORTING A VULNERABILITY

If you discover a vulnerability in one of our products or services, please notify us through our designated security contact channel at [email protected].

Provide as much detail as possible to help us understand the vulnerability, including:

  • A description of the vulnerability
  • Steps to reproduce it
  • Any relevant payloads or proof of concept (PoC)
  • Affected product version or environment

  3. WHAT WE ASK YOU TO DO

  • Do not exploit the vulnerability beyond the proof of concept needed to demonstrate the issue.
  • Do not access, modify, or delete any data from systems or services not directly related to the reported vulnerability.
  • Do not publicly disclose the vulnerability until we have had an opportunity to address it, and a coordinated disclosure process is in place.

  4. WHAT WE PROMISE TO DO

  • Acknowledge receipt of the report within 7 business days.
  • Investigate the issue and work with the reporter to understand its impact and prioritize remediation.
  • Keep you informed on our progress and resolution of the vulnerability.
  • Credit your contribution in public security advisories, if desired, in accordance with responsible disclosure practices.
  • Coordinate disclosure to minimize risk to users, including setting a public timeline for full disclosure once remediation is in place.

  5. OUR COMMITMENT TO A TIMELY RESPONSE

We aim to address all reported vulnerabilities in a timely manner based on their severity. Critical vulnerabilities will be prioritized and patched as quickly as possible, typically within 30 days. Less severe vulnerabilities may take longer to resolve, depending on complexity and risk assessment.

  6. WHAT WE CONSIDER RESPONSIBLE DISCLOSURE

We follow a coordinated disclosure model, meaning that once a vulnerability is confirmed, we will work with the reporter to establish a timeline for making a fix publicly available. Public disclosure will only happen after we have made reasonable efforts to patch and mitigate the issue.

  7. EXCLUSIONS

While we value contributions from the security research community, we ask that you respect the following guidelines:

  • Do not test or report vulnerabilities on live production systems without prior approval.
  • Do not engage in activities that disrupt our services, such as denial-of-service attacks or mass scanning.
  • Do not disclose vulnerabilities publicly until we have had an opportunity to address them, in accordance with the coordinated disclosure process outlined above.

  8. LEGAL SAFE HARBOR

We believe that responsible disclosure helps to protect the security and privacy of our customers. If you follow the guidelines outlined in this policy and act in good faith, we will not initiate legal action against you for your security research. However, we reserve the right to take appropriate legal action in the event of malicious or illegal behavior.

  9. THANK YOU

We appreciate the efforts of the security community in helping us maintain a secure environment for our users. By working together, we can make the internet a safer place for everyone.

  10. REVISIONS TO THIS POLICY

This policy may be updated periodically to reflect changes in our approach to security and vulnerability handling. The latest version will always be available on this page.

  11. HOW TO CONTACT US

If you have any questions or concerns about this Vulnerability Disclosure Policy, please contact our security officer at [email protected].