Responsible Disclosure Policy

Responsible Disclosure Policy

We aim to keep all products and services provided by ROCeteer safe for everyone, and maintaining the safety and privacy of your data is one of our top goals. If you are a security researcher (or any other perceptive user) and have discovered a security vulnerability in one of our products, we appreciate your help in disclosing it to us in a responsible manner.

If you feel you have found a vulnerability, please email us at security@roceteer.com. To report something particularly sensitive, you can use the ROCeteer Product Security PGP/GPG Key to encrypt your email. We consider reports to this address to be of the highest priority, and will investigate them as quickly as possible.

For all other concerns, please email help@roceteer.com.

For vulnerabilities reported to us in compliance with this disclosure policy, ROCeteer commits to validate, respond to, and fix vulnerabilities in a timely fashion and to not take legal or administrative action against responsible vulnerability reporters. ROCeteer reserves all of its legal rights in the event of noncompliance.

Please include the following in security submissions:

  • Your email address
  • Your full name
  • Summary of issue (e.g., XSS on Page Foo, CSRF on Page Bar, SQLi in App Baz)
  • Steps to reproduce the issue
  • If you wish to be recognized for having participated in our responsible disclosure program, please state that along with the name you would prefer to be listed under. We will list contributors who send us issues that have not yet been disclosed.

All reports will be reviewed on a case-by-case basis and any report that results in a change being made will receive a Hall of Fame recognition.

Please refrain from accessing private information, performing actions that may negatively affect ROCeteer clients or platform users (spam, DDOS, etc), or sending reports from automated tools without verifying them.

Scope

The following sites and applications are in scope for this program:

Out of Scope

In the effort to save researchers their valuable time, this section will be used to report bugs that have already been reported and have been scheduled for a fix (but have not completed testing for production:

On Community.roceteer.com:

Clickjacking vulnerability
Session Expiration length
Email ID Enumeration

Hall of Fame

We sincerely appreciate the efforts of the following security researchers who have worked to make this community a safer place.

Brian Beckman

NoEatNoSleep

Ahmed Adel Abdelfattah*

Pradeep Kumar

Rui Silva*

Ramin Farajpour Cami

Jay Patel

Muhammed Osama

Koutrouss Naddara*

Shawar Khan*

Ahmed Jerbi*

Aaditya Purani

Manish Agrawal

Pratik Satapathy

Ali Hassan Ghori

Muhammed Gamal Fahmy

Pratyush Anjan Sarangi

Daniyal Nasir

Nithish M. Varghese

Muhamamd Zeeshan

Mohamed Khaled Fathy

Ye Yint Min Thu Htut

SaifAllah benMassaoud

Shivam Kumar Agarwal

Mohammad Naveed

*Denotes multiple reports filed.