HALL OF FAME

Responsible Disclosure Programme
We take the security of our systems, products, our employees’ and customers’ information seriously, and we value the security community. We appreciate and encourage security researchers to contact us to report potential vulnerabilities identified in any product, system, or asset belonging to Blogerbse Inc., its affiliates and subsidiaries (together referred to herein as 'Blogerbse' or 'we'/'us'/'our'). If you believe you have identified a potential security vulnerability, please submit it to our Responsible Disclosure Programme.
Responsible Disclosure Programme Guidelines
We require that all researchers:

Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing;

Do not engage in any activity that can potentially or actually cause harm to Blogerbse, our customers, or our employees;

Do not initiate any fraudulent financial transactions;

Do not store, share, compromise or destroy Blogerbse or customer data. If Personally Identifiable Information (PII) is encountered, you should immediately halt your activity, purge related data from your system, and immediately contact Blogerbse. This step protects both any potentially vulnerable data and you;

Do not engage in any activity that violates (a) European, federal or state laws or regulations or (b) the laws or regulations of any country where (i) data, assets or systems reside, (ii) data traffic is routed or (iii) the researcher is conducting research activity;

Perform research only within the scope set out below;

Use the identified communication channels to report vulnerability information to us; and

Keep information about any vulnerabilities you have discovered confidential between yourself and Blogerbse.
If you follow these guidelines when reporting an issue to us, we commit to:

Not pursue or support any legal action related to your research;

Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within 5 business days of submission);

Recognise your contribution on our Security Researcher Hall of Fame, if you are the first to report the issue and we make a code or configuration change based on the issue.
Disclosure Policy

Let us know as soon as possible upon discovery of a potential security issue, and we will make every effort to quickly resolve the issue;

Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third party;

Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account ho
Our focus is on

Strong auth (sign-in, sessions, OAuth, account recovery)

Access control (bypasses, faults, CSRF, etc.)

Injection prevention (SQL, XSS, method args, etc.)

For Blogerbase only: potential privacy leaks, such as bypasses of our spy pixel blocking features or any other leak enabled by any of the Blogerbase features. Chaining bugs to broaden the attack scenario is encouraged.
The following are out of scope for all our sites

Best practices concerns (we require evidence of a security vulnerability)

The output of automated scanners without explanation

Missing cookie flags on non-security sensitive cookies

Missing security headers not related to a security vulnerability

Reports of insecure SSL/TLS ciphers unless you have a working proof of concept

Banner grabbing issues to figure out the stack we use or software version disclosure

Disclosure of known public files or directories (e.g. robots.txt)

Reports of spam

HSTS or CSP headers

Reflected File Download (RFD)
BlogerBase Commitment
We review all submissions. Blogerbase policy is to investigate all reported security vulnerabilities and resolve all legitimate issues. We make every effort to respond within 1 week upon receipt of a vulnerability report. We will follow up via email after the initial review with our finding
Reward Eligibility
Be the first to identify the issue. We receive issues from several security researchers so it is possible the issue you are reporting has already been reported to us. Follow all of the rules set forth in this document. The report must describe an attack scenario and a real risk for a user.

If you have any questions please write to us:
support@blogerbase.com
Submission process
support@blogerbase.com
If you find a security vulnerability, please send an email to the address above and include the following information:

Step-by-step instructions of how to reproduce the issue.

Screenshots or a screen-recording (video) of the steps to reproduce the issue.

Include descriptive text with the video or screenshots.

Define the vulnerability and how it can be used to compromise security.

Provide a link to the relevant OWASP page for the submitted issue.

Suggestion on how to remedy the issue.
Hall of Fame

We would like to thank all persons who make a responsible disclosure to us and recognize their valuable contribution in increasing the security of our products and services for our benefit and for the benefit of our customers by featuring those contributors in our Hall of Fame.