Reporting a Security Vulnerability
We take security seriously and welcome any input that helps us identify and eliminate vulnerabilities. Through this disclosure policy, we hope to properly recognize your efforts to help us ensure the security of Clickety and our customers.
If you believe you have found a security vulnerability that could impact Clickety or our users, we encourage you to let us know right away. Please notify us at email@example.com. If possible, please include evidence as well as steps for reproducing the issue.
If your report contains sensitive data, please use the public GPG key provided below to encrypt your findings.
- Encryption: https://clickety.app/security/clickety_public_key.txt
- Signature: https://clickety.app/security/clickety_public_key.txt.asc
We request you make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research.
Further, when researching, we ask that you not:
- Spam us
- DOS or DDOS us
- Social engineer (including phishing) our staff or contractors
To protect our users, please refrain from sharing information about any potential vulnerabilities with anyone outside of Clickety.
What to Expect from us
If you follow these guidelines, we promise to:
- Take all reported findings seriously
- Respond to your email within 72 hours
- Confirm and acknowledge any findings identified
- Credit and thank you after vulnerabilities have been fixed
- Publicly disclose reported vulnerabilities that we’ve remediated, depending on severity
- Not pursue or support any legal action relating to your research