Responsible Disclosure

Responsible Vulnerability Disclosure Program

No technology is perfect. As a security company, we take the security of our products and services seriously. We believe that working together with other skilled security researchers across the globe is crucial to offer secure solutions. We appreciate the work of the white hat community in responsibly reporting any vulnerabilities.

Contact Information

If you happen to find a vulnerability in our software please contact us immediately as part of this responsible disclosure program. Just send us an e-mail to security@crashtest-security.com.

Required Information

If possible/applicable include the following information:

  • Affected Product(s)/versions/URLs
  • System Details (Operating System, etc.)
  • Technical Description and Reproduction Steps
  • Proof of Concept how the Vulnerability can be abused
  • Impact of the Vulnerability
  • Other Parties/Products Involved
  • Disclosure Plans/Dates

We only accept submissions that contain a full proof of concept that contains a description of how the vulnerability can be abused and how this impacts the services of Crashtest Security.

In Scope

We accept submissions for this program for the following applications with a few exceptions:

  • crashtest-security.com
  • *.crashtest-security.com
  • crashtest.cloud
  • *.crashtest.cloud

Out of Scope

The following applications are out of scope:

  • blog.crashtest-security.com
  • wiki.crashtest-security.com
  • scan.crashtest-security.com
  • The chat functionality used on any of the sites in scope

Hall of Fame

We thank all security researchers that support our security efforts as part of our responsible disclosure program: